Methods and systems of executing a business transaction from a merchant using a centralized or distributed ledger

ABSTRACT

A method and system for executing a business transaction from a merchant is provided, including receiving at a processor associated with the merchant a code representing information of a user, wherein the code is provided by an output device for a processor associated with the user, and wherein the information has been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address; converting the code to the information of the user; deriving a public attest key by using the information of the user; deriving an attestation address using the public attest key; verifying the existence of the attestation transaction at the attestation address in the centralized or distributed ledger; and upon verification of the existence of the attestation transaction, completing the business transaction.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.15/582,130, filed on Apr. 28, 2017, which claims priority to U.S.Provisional Patent Application No. 62/330,097 filed on Apr. 30, 2016,which is hereby incorporated by reference in their entirety.

TECHNICAL FIELD

The present disclosure relates generally to techniques for providingattestation of information with use of a centralized or distributedledger.

BACKGROUND

Existing methods of validating information and identity and maintaininginformation and identity security have numerous weaknesses. Forinstance, the leaking of private user information, such as a socialsecurity number (SSN) or credit card number, makes it possible formalefactors to imitate another person and to perform unauthorizedtransactions on their behalf. Security breaches resulting in leaks ofthis type of information have become commonplace with large retailers.

Identity verification is often overly reliant on communication networksthat are unreliable. When the network goes down or has insufficientconnectivity, transaction systems can be completely inhibited causingloss of funds in a retail context and causing tremendous delays in othertransactions. Information verification is also often reliant uponphysical documents that can be counterfeited. Identity verification isoften reliant on mere knowledge of personal information, especially inscenarios where the person is not present to prove identity, such asphone calls or online.

Attempts to use personally identifiable information (PII) areinconsistently protected by vendors. For example, attempts to use aperson's SSN to apply for new credit are often reported to that persononly after a credit inquiry has been performed. As a result, in the caseof a fraudulent use of a SSN, victims are often informed after some orall of the damage has occurred, if they are informed at all.

Accordingly, there remains a need for improved devices, systems, andmethods for protecting the use of user identity and for securelyproviding personal information.

SUMMARY

In one aspect of the disclosed subject matter, a method and system ofproviding attestation of information by an attestor is provided,including receiving the information and a public key generated for theinformation; applying a hash function to the information to create ahash; combining the hash of the information with the public keygenerated for the information to generate a public attest key;generating an attestation address based on the public attest key; andcommunicating a signed transaction to a centralized or distributedledger for storage at the attestation address.

In some embodiments, elliptic curve addition is used to combine the hashof the information with the public key generated for the information togenerate the public attest key.

In some embodiments, the public attest key is generated by using thehash of the information as an offset and using the public key generatedfor the information to generate the public attest key. In someembodiments, generation of the public attest key by using the hash ofthe information as an offset is performed in a manner compliant with theBitcoin BIP32 standard for hierarchical deterministic wallets.

In some embodiments, generating the attestation address comprisescombining two or more public keys of potential signers utilizing amulti-signature script which implements the Pay to Script Hash (P2SH)function. The public keys of potential signers can include one or moreof the public attest key, a public key of a wallet provider, a publickey of the attestor, and a recovery public key of a user.

In some embodiments, generating the attestation address for a singlesignature transaction includes applying a second hash function to thepublic attest key. The second hash function can include the P2PKHalgorithm.

In some embodiments, generating the attestation address for a multiplesignature transaction includes generating a redeem script using thepublic keys of the multiple signatories, serializing the redeem scriptto create a serialized output, applying a second hash function to theserialized output to create a second hash, and applying a third hashfunction to the second hash. The second hash function can include theSHA256 algorithm, and the third hash function can include the RIPEMD160algorithm.

In some embodiments, the centralized or distributed ledger is thebitcoin blockchain.

A data block for providing attestation of information associated with atransaction for storage in a centralized or distributed ledger isprovided, including a public attest key generated by applying a hashfunction to the information to create a hash, and combining the hash ofthe information with a public key generated for the information; and anattestation address for storage of the transaction on the centralized ordistributed ledger based on the public attest key.

In some embodiments, elliptic curve addition is used to combine the hashof the information with the public key generated for the information togenerate the public attest key.

In some embodiments, the hash of the information is used as an offsetwith the public key generated for the information to generate the publicattest key.

In some embodiments, the attestation address is generated by combiningtwo or more public keys of potential signers utilizing a multi-signaturescript which implements the Pay to Script Hash (P2SH) function. Thepublic keys of potential signers can include one or more of the publicattest key, a public key of a wallet provider, a public key of theattestor, and a recovery public key of a user.

In some embodiments, the attestation address for a single signaturetransaction is created by applying a second hash function to the publicattest key. The second hash function can include the P2PKH algorithm.

In some embodiments, the attestation address for a multiple signaturetransaction is created by generating a redeem script using the publickeys of the multiple signatories, serializing the redeem script tocreate a serialized output, applying a second hash function to theserialized output to create a second hash, and applying a third hashfunction to the second hash. The second hash function can include theSHA256 algorithm, and the third hash function can include the RIPEMD160algorithm.

In another aspect of the disclosed subject matter, a method of providingverification of information of a user relating to an attestationtransaction is provided. The method is implemented on a computer systemhaving one or more physical processors configured by machine-readableinstructions which, when executed perform the method, and includessending a request for information of the user, wherein the informationhas been previously attested to in an attestation transaction storedwithin a centralized or distributed ledger at an attestation address,the centralized or distributed ledger providing a record oftransactions; receiving at a processor associated with a verifier theinformation of the user; sending a cryptographic challenge nonce;receiving at the processor associated with the verifier thecryptographic challenge nonce signed by the user's private key;verifying user identity with the cryptographic challenge nonce signed bythe user's private key; deriving a public attest key by using theinformation of the user; deriving an attestation address using thepublic attest key; and verifying the existence of the attestationtransaction at the attestation address in the centralized or distributedledger.

In some embodiments, sending a request for information further includessending a request for the user's public key; and receiving theinformation further includes receiving the user's public key.

In some embodiments, verifying user identity further includes checkingthe user's public key and the cryptographic challenge nonce signed bythe user's private key.

In some embodiments, deriving a public attest key further includes usingthe information and the user's public key to derive the public attestkey.

In some embodiments, the method further includes providing a processorassociated with an attestor for generating the attestation transaction.

In some embodiments, the method further includes verifying that theattestation address for the attestation transaction can be derived usingthe Pay to Script Hash (P2SH) with the public attest key, and theattestor's public key.

In some embodiments, the method further includes verifying that theattestation address for the attestation transaction can be derived usingthe Pay to Script Hash (P2SH) with the public attest key, the attestor'spublic key, and a third party cosigner public key.

In some embodiments, sending a request for information further includessending a request for the attestor's public key and a third partycosigner's public key.

In some embodiments, using the information to derive the public attestkey further includes using at least one of the user's public key, anattestor's public key and a third party cosigner's public key to derivethe public attest key.

In some embodiments, deriving a public attest key includes deriving thepublic attest key using an application or website of the attestor.

In some embodiments, deriving a public attest key includes deriving thepublic attest key using a third party application or website.

In some embodiments, the processor associated with the verifier sendsthe information received by the user to the processor associated withthe attestor and receives the public attest key from the processorassociated with the attestor.

In some embodiments, the computer system associated with the verifiergenerates the public attest key. In some embodiments, the computersystem associated with the verifier generates the attestation address.

In some embodiments, the computer system associated with the verifiersends the user information and the user's public key to a third partyapplication or website and the computer system associated with theverifier receives the public attest key and the attestation address fromthird party application or website

In some embodiments, the computer system associated with the verifieruses a third party digital wallet provider application or website toverify the existence of the attestation transaction at the attestationaddress.

In some embodiments, the computer system associated with the verifiersend the information received from the user to an attestor to verify theattestation transaction at the attestation address.

In some embodiments, sending a request for information of the user,includes providing a request to the user for information of the user,and receiving the information of the user includes receiving from theuser the information of the user.

In some embodiments, sending a request for information of the user,includes providing a request to an attestor for information of the user;and receiving the information of the user includes receiving from theattestor the information of the user.

A system for providing verification of information of a user relating toan attestation transaction is provided. The system includes a computersystem having one or more physical processors configured bymachine-readable instructions to: send a request for information of theuser, wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address, the centralized or distributed ledgerproviding a record of transactions; receive at a processor associatedwith the verifier the information of the user; send a cryptographicchallenge nonce; receive at the processor associated with the verifierthe cryptographic challenge nonce signed by the user's private key;verify user identity with the cryptographic challenge nonce signed bythe user's private key; derive a public attest key by using theinformation of the user; derive an attestation address using the publicattest key; and verify the existence of the attestation transaction atthe attestation address in the centralized or distributed ledger.

In another aspect of the disclosed subject matter, a method of revokingan attestation transaction regarding information of a user is provided.The method is implemented on a computer system having one or morephysical processors configured by machine-readable instructions which,when executed perform the method, including generating a signedrevocation transaction to revoke the previously attested information;and sending the signed revocation transaction to the centralized ordistributed ledger, wherein the information has been previously attestedto in an attestation transaction stored within a centralized ordistributed ledger at an attestation address, the centralized ordistributed ledger providing a verifiable record of transactions, andrevoking the attestation transaction by spending cryptocurrencyassociated with the attestation transaction.

In some embodiments, the method further includes receiving a public keygenerated for the information; combining a hash of the information withthe public key to generate a public attest key; and generating theattestation address based on the public attest key.

In some embodiments, generating the signed transaction includes using apublic key of the user.

In some embodiments, the method further includes providing a processorassociated with an attestor for generating the attestation addressassociated with the attestation transaction.

In some embodiments, generating the signed transaction includes using atleast one of a public key of the user and a public key of the attestor.In some embodiments, generating the signed transaction includes using atleast one of a public key of the user, a public key of the attestor, anda public key of a third party.

In some embodiments, the previously attested information to be revokedincludes at least a portion of the previously attested information thatis no longer valid.

In some embodiments, spending cryptocurrency associated with theattestation transaction includes transferring cryptocurrency to a walletassociated with the attestor.

In some embodiments, the method further includes providing a third partyhaving a relationship with a user, and receiving a request forrevocation from the third party because a relationship between the userand the third party has become invalid.

In some embodiments, a processor associated with the user generates thesigned transaction which spends the cryptocurrency or dust associatedwith the existing attestation.

In some embodiments, the processor associated with the attestorgenerates the signed transaction which spends the cryptocurrency or dustassociated with a transaction.

In some embodiments, a processor associated with the user performs thestep of identifying previously attested information to be revoked, andthe processor associated with the attestor performs the steps ofgenerating a signed revocation transaction to revoke the previouslyattested information; and broadcasting the signed revocation transactionto the centralized or distributed ledger and revoking the attestationtransaction.

A method is implemented on a computer system having one or more physicalprocessors configured by machine-readable instructions which, whenexecuted perform the method, including generating a signed revocationtransaction to revoke the previously attested information; and sendingthe signed revocation transaction to the centralized or distributedledger, wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address, the centralized or distributed ledgerproviding a verifiable record of transactions, and revoking theattestation transaction by spending cryptocurrency associated with theattestation transaction; and if there is new information to be attestedto, generating a second attestation address associated with a secondattestation transaction.

In some embodiments, the method includes prior to generating a secondattestation address, determining whether there is new information forattestation.

In some embodiments, generating a second attestation address includesreceiving a public key generated for the new information; combining ahash of the new information with the public key to generate a publicattest key; and generating the second attestation address based on thepublic attest key.

In some embodiments, the new information includes previously attestedinformation to be revoked. In some embodiments, the new information isassociated with a different user than the previously attestedinformation to be revoked.

In some embodiments, the method further includes providing a processorassociated with an attestor for generating the second attestationaddress associated with the second attestation transaction based on theinformation.

In some embodiments, the method further includes generating a signedattestation using at least one of a public key of the user, a public keyof the attestor, and a public key of a third party.

A system of revoking an attestation transaction regarding information ofa user is provided. The system includes a computer system having one ormore physical processors configured by machine-readable instructions togenerate a signed revocation transaction to revoke the previouslyattested information, wherein the information has been previouslyattested to in an attestation transaction stored within a centralized ordistributed ledger at an attestation address, the centralized ordistributed ledger providing a verifiable record of transactions; andsend the signed revocation transaction to the centralized or distributedledger and revoking the attestation transaction by spendingcryptocurrency associated with the attestation transaction.

In yet another aspect of the disclosed subject matter, a method ofexecuting a business transaction from a commercial website is provided.The method is implemented on a computer system having one or morephysical processors configured by machine-readable instructions which,when executed perform the method, including receiving at processorassociated with the commercial website an indication from a user tostart processing a business transaction; sending a request forinformation of the user, wherein the information has been previouslyattested to in an attestation transaction stored within a centralized ordistributed ledger at an attestation address, the centralized ordistributed ledger providing a verifiable record of transactions;receiving at the processor associated with the commercial website theinformation of the user; sending a cryptographic challenge nonce;receiving at the processor associated with the commercial website thecryptographic challenge nonce signed by the user's private key;verifying user identity with the cryptographic challenge nonce signed bythe user's private key; deriving a public attest key by using theinformation of the user; deriving an attestation address using thepublic attest key; verifying the existence of the attestationtransaction at the attestation address in the centralized or distributedledger; and upon verification of the existence of the attestationtransaction, completing the business transaction.

In some embodiments, the business transaction is a purchase transaction.In some embodiments, the commercial website is a merchant website. Insome embodiments, the method further includes facilitating theindication of the user to start processing the transaction through anelectronic display.

In some embodiments, receiving an indication from a user to startprocessing a transaction comprises receiving login information from theuser and validating the login information.

In some embodiments, sending a request for information of the userincludes providing a request to the user for information of the user. Insome embodiments, receiving the information of the user includesreceiving from the user the information of the user.

In some embodiments, sending a request for information of the userincludes providing a request to an attestor for information of the user.In some embodiments, receiving the information of the user includesreceiving from the attestor the information of the user.

In some embodiments, sending a cryptographic challenge nonce includessending a cryptographic challenge nonce to a digital wallet of the user.In some embodiments, receiving the cryptographic challenge nonce signedby the user's private key includes receiving from the digital wallet ofthe user the cryptographic challenge nonce signed by the user's privatekey.

In some embodiments, the attestation transaction includes receiving fromthe user the information and a public key generated for the information;applying a hash function to the information to create a hash; combiningthe hash of the information with the public key generated for theinformation to generate a public attest key; generating an attestationaddress based on the public attest key; and communicating a signedtransaction to the centralized or distributed ledger for storage at theattestation address.

A system for executing a business transaction from a commercial website,the system comprising a computer system having one or more physicalprocessors configured by machine-readable instructions to: receive anindication from a user to start processing a business transaction; senda request for information of the user, wherein the information has beenpreviously attested to in an attestation transaction stored within acentralized or distributed ledger at an attestation address, thecentralized or distributed ledger that provides a verifiable record oftransactions; receive at the processor associated with the commercialwebsite the information of the user; send a cryptographic challengenonce; receive at the processor associated with the commercial websitethe cryptographic challenge nonce signed by the user's private key;verify user identity with the cryptographic challenge nonce signed bythe user's private key; derive a public attest key by using theinformation of the user; derive an attestation address using the publicattest key; verify the existence of the attestation transaction at theattestation address in the centralized or distributed ledger; and uponverification of the existence of the attestation transaction, completethe business transaction.

In some embodiments, the system further includes an electronic displayto facilitate the indication of the user to start processing thetransaction through.

In some embodiments, the one or more physical processors are furtherconfigured by machine-readable instructions to: receive logininformation from the user and validate the login information.

In some embodiments, the one or more physical processors are furtherconfigured by machine-readable instructions to: send a request forinformation of the user, comprising providing a request to the user forinformation of the user, wherein the information has been previouslyattested to in an attestation transaction. In some embodiments,receiving the information of the user includes receiving from the userthe information of the user

In some embodiments, sending a request for information of the userincludes providing a request to an attestor for information of the user,wherein the information has been previously attested to in anattestation transaction. In some embodiments, receiving the informationof the user includes receiving from the attestor the information of theuser.

In some embodiments, the computer system is configured bymachine-readable instructions to the send the cryptographic challengenonce to the digital wallet of the user. In some embodiments, thecomputer system is configured by machine-readable instructions toreceive from the digital wallet of the user the cryptographic challengenonce signed by the user's private key.

In some embodiments, the system is configured to perform the attestationtransaction, wherein the one or more physical processors are furtherconfigured by machine-readable instructions to receive from the user theinformation and a public key generated for the information; apply a hashfunction to the information to create a hash; combine the hash of theinformation with the public key generated for the information togenerate a public attest key; generate an attestation address based onthe public attest key; and communicate a signed transaction to thecentralized or distributed ledger for storage at the attestationaddress.

In a still further aspect of the disclosed subject matter, a method ofexecuting a business transaction with a commercial entity, such as amerchant, the method being implemented on a computer system having oneor more physical processors configured by machine-readable instructionswhich, when executed perform the method, comprising: receiving at aprocessor associated with the merchant a code representing informationof a user, wherein the code is provided by an output device for aprocessor associated with the user, and wherein the information has beenpreviously attested to in an attestation transaction stored within acentralized or distributed ledger at an attestation address, thecentralized or distributed ledger providing a record of transactions;converting the code to the information of the user; deriving a publicattest key by using the information of the user; deriving an attestationaddress using the public attest key; verifying the existence of theattestation transaction at the attestation address in the centralized ordistributed ledger; and upon verification of the existence of theattestation transaction, completing the business transaction.

In some embodiments, prior to completing the business transaction, themethod includes sending a cryptographic challenge nonce to the processorassociated with the user; receiving at the processor associated with themerchant the cryptographic challenge nonce signed by the user's privatekey; and verifying user identity with the cryptographic challenge noncesigned by the user's private key and the user's public key.

In some embodiments, receiving at the processor associated with themerchant a code representing information of the user, includes receivinga visual code displayed on a display unit for a processor associatedwith user.

In some embodiments, receiving at the processor associated with themerchant a visual code representing information of the user includesoptically recognizing the visual code displayed on the display unit forthe processor associated with the user. In some embodiments, receivingat the processor associated with the merchant a visual code representinginformation of the user includes placing an optical recognition deviceassociated with the processor of the merchant in visual proximity withthe display unit for the processor associated with the user.

In some embodiments, receiving at the processor associated with themerchant a code representing information of the user, includes receivinga signal transmitted by a short range transmitter for a processorassociated with user. In some embodiments, the signal transmitted by theshort range transmitter includes at least one of local Wi-Fi, Bluetooth,Bluetooth LE, near field communications (NFC), infrared, RFID, ambientaudio, and supersonic audio communication.

A system for executing a business transaction from a commercial entity,such as a merchant, is provided. The system includes a computer systemhaving one or more physical processors configured by machine-readableinstructions to receive at a processor associated with the merchant avisual code representing information of a user, wherein the code isprovided by an output device for a processor associated with the user,and wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address, the centralized or distributed ledgerproviding a record of transactions; convert the code to the informationof the user; derive a public attest key by using the information of theuser; derive an attestation address using the public attest key; verifythe existence of the attestation transaction at the attestation addressin the centralized or distributed ledger; and upon verification of theexistence of the attestation transaction, complete the businesstransaction.

In some embodiments, the computer system is further configured bymachine-readable instructions to send a cryptographic challenge nonce tothe processor associated with the user; receive at the processorassociated with the merchant the cryptographic challenge nonce signed bythe user's private key; and verify user identity with the cryptographicchallenge nonce signed by the user's private key and the user's publickey.

In some embodiments, the code is a visual code displayed on a displayunit for a processor associated with user. In some embodiments, anoptical recognition device associated with the processor of themerchant, configured to optically recognize the visual code displayed onthe display unit for the processor associated with the user. In someembodiments, the visual code includes a barcode or a motion QR andoptical recognition device includes a camera or a scanner.

In some embodiments, the code is a signal transmitted by a short rangetransmitter for a processor associated with user. In some embodiments,the signal transmitted by the short range transmitter includes at leastone of local Wi-Fi, Bluetooth, Bluetooth LE, near field communications(NFC), infrared, RFID, ambient audio, and supersonic audiocommunication.

In some embodiments, the computer system is further configured bymachine-readable instructions to maintain a database of attestationtransactions, each attestation transaction relating to one or more itemsof information of the user, the attestation transaction includes anattestation address based on a public attest key, and wherein the publicattest is derived by combining a hash of the information with a user'spublic key generated for the information.

In some embodiments, the computer system is further configured bymachine-readable instructions to provide on the display unit apresentation for selection by the user of the one or more items ofinformation; receive a user selection of attested information; anddisplay a visual code representing the selected attested information.

In some embodiments, the processor associated with the user includes amobile device.

A method of providing verification of the identity of a digital entityis provided, the method being implemented on a computer system havingone or more physical processors configured by machine-readableinstructions which, when executed, perform the method, comprising:receiving at a processor associated with a user, information and apublic key of the digital entity, wherein the information has beenpreviously attested to in an attestation transaction stored within acentralized or distributed ledger at an attestation address, thecentralized or distributed ledger providing a record of transactions;deriving an attestation address using the information and the public keyof the digital entity; verifying the existence of the attestationtransaction at the attestation address in the centralized or distributedledger and verifying that the attestation transaction has not beenrevoked; sending a cryptographic challenge nonce to a processorassociated with the digital entity; receiving at the processorassociated with the user the cryptographic challenge nonce signed by thedigital entity's private key; and verifying the digital entity'sidentity with the cryptographic challenge nonce signed by the digitalentity's key.

In some embodiments, receiving at a processor associated with a user,information and a public key of the digital entity includes sending arequest to a processor associated with the digital entity a request forthe information and public key of the digital entity.

In some embodiments, the public key of the digital entity includes adigital certificate.

In some embodiments, deriving an attestation address using theinformation and the public key of the digital entity includes using theinformation to derive a public attest key.

In some embodiments, deriving an attestation address using theinformation and the public key of the digital entity further includesusing the public attest key and the public key of the digital entity toderive the attestation address.

In some embodiments, verifying that the attestation transaction has notbeen revoked includes checking to see if the attestation address existsin the UTXO cache.

In some embodiments, the digital entity is a website associated with aprovider of goods or services or a financial institution.

A system for providing verification of the identity of a digital entityis provided, the system includes a computer system having one or morephysical processors configured by machine-readable instructions toreceive at a processor associated with a user, information and a publickey of the digital entity, wherein the information has been previouslyattested to in an attestation transaction stored within a centralized ordistributed ledger at an attestation address, the centralized ordistributed ledger providing a record of transactions; derive anattestation address using the information and the public key of thedigital entity; verify the existence of the attestation transaction atthe attestation address in the centralized or distributed ledger andthat the attestation transaction has not been revoked; send acryptographic challenge nonce to a processor associated with the digitalentity; receive at the processor associated with the user thecryptographic challenge nonce signed by the digital entity's privatekey; and verify the digital entity's identity with the cryptographicchallenge nonce signed by the digital entity's key.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features and advantages of the devices,systems, and methods described herein will be apparent from thefollowing description of particular embodiments thereof, as illustratedin the accompanying drawings. The drawings are not necessarily to scale,emphasis instead being placed upon illustrating the principles of thedevices, systems, and methods described herein.

FIG. 1 is a diagram illustrating a system for providing attestation ofinformation, using a centralized or distributed ledger in accordancewith exemplary embodiments of the disclosed subject matter;

FIG. 2 is a diagram illustrating various protocols which may be used forthe attestation and verification of information in the system inaccordance with exemplary embodiments of the disclosed subject matter;

FIG. 3 is a flow diagram of one implementation of a process forattesting to information;

FIG. 4 is a flow diagram for one implementation of a process for theverification of information;

FIG. 5a is a flow diagram for one implementation of a process to revokesome or all of previously attested information;

FIG. 5b is a flow diagram for a further embodiment of a process torevoke some or all of previously attested information;

FIG. 6 is a flow diagram for one implementation of a method for creatinga user account for attestation;

FIG. 7 is a flow diagram for one implementation of a process for usingthe verification protocol for purchasing goods online;

FIG. 8 is a flow diagram for one implementation of using a visual codeto represent attested information;

FIG. 9 is a flow diagram for one implementation of a using a visual codeto process a business transaction at a commercial entity, such as amerchant;

FIG. 10 is a flow diagram for one implementation of a process for usinga verification protocol for logging into a website;

FIG. 11 is a flow diagram for one implementation of a verificationprotocol utilized for creation of a new user account at a website;

FIG. 12 is a flow diagram for one implementation of a method ofvalidating information during account creation;

FIG. 13a is a flow diagram for one implementation of a method fornotification of a user when information that belongs to that user isbeing used to attempt a transaction;

FIG. 13b is a flow diagram for a further implementation of a method fornotification of a user when information that belongs to that user isbeing used to attempt a transaction;

FIG. 14 is an illustration of a display presentation or identificationcard which includes various personal identification information for usein the system in accordance with exemplary embodiments of the disclosedsubject matter;

FIG. 15 is a flow diagram for one implementation of a method ofauthenticating the identity of a digital entity; and

FIG. 16 is a flow diagram for a further implementation of a method ofauthenticating the identity of a digital entity.

DETAILED DESCRIPTION

Methods and apparatus for use in providing authentication by an attestorof personal identification information of a user are described herein.In one illustrative example, the user's personal identificationinformation is received. Upon validation of this information, a firsthash function is applied to the user's personal identificationinformation to create a hash. A public attestation key is generated bycombining the hash of the user's personal identification informationwith one or more public keys which includes a public key of the user. Inone implementation, an attestation address is generated by applying asecond hash function to the user's public key. A signed transactionwhich includes the public attestation key is generated and communicatedfor storage in a centralized or distributed ledger at the attestationaddress. The signed transaction in the ledger may be verified by a thirdparty.

The embodiments will now be described more fully hereinafter withreference to the accompanying figures, in which preferred embodimentsare shown. The foregoing may, however, be embodied in many differentforms and should not be construed as limited to the illustratedembodiments set forth herein.

All documents mentioned herein are hereby incorporated by reference intheir entirety. References to items in the singular should be understoodto include items in the plural, and vice versa, unless explicitly statedotherwise or clear from the context. Grammatical conjunctions areintended to express any and all disjunctive and conjunctive combinationsof conjoined clauses, sentences, words, and the like, unless otherwisestated or clear from the context. Thus, the term “or” should generallybe understood to mean “and/or” and so forth.

Recitation of ranges of values herein are not intended to be limiting,referring instead individually to any and all values falling within therange, unless otherwise indicated herein, and each separate value withinsuch a range is incorporated into the specification as if it wereindividually recited herein. The words “about,” “approximately,” or thelike, when accompanying a numerical value, are to be construed asindicating a deviation as would be appreciated by one of ordinary skillin the art to operate satisfactorily for an intended purpose. Ranges ofvalues and/or numeric values are provided herein as examples only, anddo not constitute a limitation on the scope of the describedembodiments. The use of any and all examples, or exemplary language(“e.g.,” “such as,” or the like) provided herein, is intended merely tobetter illuminate the embodiments and does not pose a limitation on thescope of the embodiments or the claims. No language in the specificationshould be construed as indicating any unclaimed element as essential tothe practice of the embodiments.

In the following description, it is understood that terms such as“first,” “second,” “top,” “bottom,” “up,” “down,” and the like, arewords of convenience and are not to be construed as limiting termsunless specifically stated to the contrary.

Described herein are devices, systems, and methods for identityverification, risk reduction for transactions, and authentication ofdata. Although the following description may emphasize devices, systems,and methods for personal information authentication, the implementationsmay also or instead be used for other types of entity authenticationssuch as authenticating an autonomous vehicle, a robot, and so forth.Further, the devices, systems, and methods described herein may beadapted for use for authenticating life forms other than humans,including without limitation, pets, wildlife, livestock, and the like.More generally, the systems may be adapted for use with any corporation,company, entity, life form, moveable item, or the like that might beusefully present itself for verification and so forth. In animplementation, any datum or anything that is capable of beingauthenticated, verified or proven can be used in the various devices,systems, and methods discussed herein.

In several embodiments, the devices, systems, and methods are applied tothe “Bitcoin” network which provides a digital cryptocurrency system.However, the devices, systems, and methods may in other embodiments beapplied to other suitable networks and environments as well.

Some examples of the various participants in the system are describedbelow.

A user may include without limitation a living person, a citizen, alegal entity, an autonomous vehicle, an autonomous device, a robot, acorporation, an organization, a company or partnership or other legalentity that can execute contracts, an agent or representative, anambassador, a state, a city, a nation, a county, a party to atransaction, a group, a military, a government, a household, and thelike. A user may also be an entity who cannot enter into bindingcontracts by statute or who has another set of rights different from anatural person. A user may also or instead include a child, a minor, aninfant, a pet, an animal, a living thing, a collection of cells, anorganism, or the like. A user may be an inanimate object, a parcel, anair, a sea, a land, a space craft, and the like.

An attestor may include without limitation an attestation site ordevice, a company, a person, a computer-implemented algorithm, adecentralized computing system, and the like. An attestor may include acountry, a government, a society, a tribe, a hospital, a birthingcenter, a census bureau, a parent, a creator, a source, a witness, aneighborhood, a district, a town, a county, a state, a prefecture, astate, a province, a nation-state, a nation, a parliament, a militaryorganization, a family, a community, a government, a militia, a policeforce, a group, a faction, a club, an ambassador, an embassy, a home,and the like. An attestor may also or instead include an independentthird party observer, a natural person, an artificial person, a machine,an online service, a software service, an online application programinterface (API), a client-server application, a desktop application, amobile application, and the like.

A validator may include without limitation a validation site or device,any user or attestor, a border agent, a peace officer, a military post,an officer, a Transportation Security Administration (TSA) agent, ahotel clerk, a merchant, a transaction partner, a seller, a buyer, acredit verification agency, a bank, a store, a partner, a companion, anemployee, an employer, and the like. A validator may include someone orsomething into which a relationship has been entered. A validator mayinclude someone or something into which a relationship is stillprospective. A validator may include a potential personal partner ormate. A validator may include without limitation an identity validationservice provider, a biometric device, any entity who knows a userpersonally, a notary, a credit reporting agency, a government, a school,a relative, another user, and the like. A validator can also be a robot,and autonomous vehicle, and the like. A validator may include withoutlimitation someone or something that confirms the validity, accuracy,ownership, or other proprietary aspect of information or propertybelonging to a user.

A merchant may include without limitation a place of business orcommerce that offers products or services to users or other merchants,and who has a need to know with certainty that the user is authentic,and/or that the information presented by the user is authentic andbelongs to that user, and/or that the property that the user claims tobe their own actually belongs to the user. An identity validationservice provider may include without limitation a person or object orbusiness that provides the service of confirming a user's informationthat the attestor will attest to is valid and real and belongs to theuser.

A digital wallet is a collection of keys that controls digital assets orfunds. It may allow a user to make electronic commerce transactionseasily and securely. A digital wallet may support a multisig script, inother words the wallet may be able to take multiple keys to create anattestation address. A digital wallet that will support multiple keyscan be called an M-of-N digital wallet. Such a wallet accepts N distinctkeys from N different parties, and M of these keys are sufficient inorder for the digital wallet system to compute the encryption key inorder to perform a transaction. An example of an M-of-N digital walletis a 2-of-3 digital wallet. M and N can also be the same number, i.e.one (1).

A digital wallet provider is a provider that stores a user's digitalwallet on the user's behalf, usually on a remote server, so that theinformation is easily accessed from anywhere. For the purposes of thisapplication the user can also have their own custom digital wallet thatcan exist on their own phone or device and not on a remote server.Additionally, the user's own digital wallet can be backed up to athird-party website or service. A third-party cosigner is a party thatparticipates in making a transaction with a multisig wallet thatrequires signatures from M of N keys before the attestation is finalizedand broadcast to the blockchain network.

A site may include without limitation a website, a cloud service, aserver, a distributed cloud service, a SaaS application, a decentralizedapplication, a hosted service, an application, a mobile application, orthe like. A site may include a banking site, an e-commerce site, amerchant site, a governmental site, a personal site, a social networkingsite, a messaging site, a search site, a news site, an information site,or the like. A site may include a physical location where a transactionis attempted in person, such as a retail establishment. When a site is aphysical location, data may be sent between devices without a local orwide area network, for example through personal area networktechnologies such as Bluetooth, Near-Field Communication (NFC), sounds,the use of special cryptographic images that get scanned on the screen,and the like. Information may also be sent through wide area networks,such as cellular and other wireless networks. At a site that is aphysical location, the exact same mechanism can be used to connect thetwo end points together, for example where a Quick Response (QR) codetells the device which endpoint to send identity data to. A site that isa physical location may use web based devices, applications, or otherdevices onsite to read and confirm identity so that it is essentiallythe same as if it was being done online. A site may also include alocation or destination in a virtual world, or may exist in an overlaycreated with an augmented reality system. A site may move with themotion of a user or be stationary and fixed with respect to a map. Asite could be anything or anywhere you want to be identified, forinstance a place, real or virtual, where you need to show identity oruse identity. Further examples include a Border Crossing or CustomsEntry point, a security checkpoint for travel, such as a TransportationSecurity Administration (TSA) Agent/Checkpoint, a Global Entry Kiosk,and the like. A site may also include specialized systems for comparingdata with private databases. For example, at a border crossing site,images that might represent for example a person's fingerprints, may bestored on a phone and then transferred via a secure data transfermechanism. The site could use these images as though the person hadactually been onsite.

An application, also called an app, may include without limitation anymobile, desktop, kiosk-based, cloud-based, home, enterprise, server,client-server, SaaS, embedded, neural, microcontroller-based,firmware-based, chip-based, chemically-executed algorithms, software,procedures, methods, or techniques or the like running on a computingplatform that can execute instructions and process inputs to produceoutputs. An app may run on a smartphone, tablet, laptop, desktop, in awatch, in a headset, an automobile, a kiosk, a wearable device, asubdermal computing implant, a smartcard, a SIM card, a microcontroller,or the like.

A communication channel is any method of exchanging information betweentwo parties. This could include a wired link, a wireless link, a personto person wireless link such as Bluetooth or NFC, or an in-personexchange. It is understood that there is a plethora of differentprotocols that can be used to exchange information over a communicationchannel. A preferred communication channel is the communication channelthat a user chooses to use before trying other communication channels.The preferred communication channel may be context or circumstancedependent.

Information may be or include personal information, personalidentification information (PII), data or user data, and may includewithout limitation any personally identifying data or representations ofpersonal information. Personally identifiable information (PII), orsensitive personal information, especially as used in U.S. privacy lawand information security, is information that can be used on its own orwith other information to identify, contact, or locate a single person,or to identify an individual in context. Personally identifiableinformation may include one or more information items, including fullname, home address, telephone number, social security number (SSN),credit card numbers, date of birth, birthplace, driver's license number,e-mail address, national identification number, passport number, userID, login name or usernames in messaging, social media, and otherapplications, passwords or personal identification numbers (PINs), IPaddresses, vehicle registration plate number, face, fingerprints,retinal scan, handwriting samples, biometric data, digital identity, andgenetic information.

Information may include physical documents representing personalinformation, such as passports, social security cards, green cards,driver's licenses, college degrees, diplomas, training certifications,marriage licenses, court documents, titles, deeds, chains of title, andthe like. information may include the data contained in physicaldocuments, the data represented by those documents, any data proven bythose documents; the identity of a person, the names of a person; thestatus of a person with respect to statutes such as minor, adult,emancipated minor, resident alien, citizen, dual citizen, male, female,uni-gendered, bi-gendered, non-gendered, veteran, retiree, pensioner,alumni, widower, parent, child, relative, indigenous race, native,protected class, member of a club, group, society, or service, and thelike. information may also include authenticating metadata about anysuch personal information, proofs or attestations from others about thevalidity of that information, and the like.

As is known in the art, asymmetric or public key cryptography usespublic and private keys to encrypt and decrypt data. The keys are largenumbers that have been paired together, but are not identical, and arecalled a cryptographic asymmetric key pair. One key can be shared witheveryone, and this is called the public key. The other key in the pairis kept secret, and is called the private key. Either of the keys can beused to encrypt a message; the opposite key is used to for decryption.Different system participants all may have a public key. For example, anattestor may have a public key, a verifier may have a public key, and athird-party cosigner may have a public key.

A cryptographic hash function or “hash” is a mathematical algorithm thatmaps data of arbitrary size to a bit string of a fixed size. It isdesigned to be a one-way function. The only way to recreate the inputdata from an ideal cryptographic hash function's output is to attempt abrute-force search of possible inputs to see if they produce a match.

A digital cryptocurrency is a medium of exchange similar to normalcurrencies, but designed for the purpose of exchanging digitalinformation. Cryptography is used to secure the transactions and tocontrol the creation of new units of currency. The first, and best knowncryptocurrency is Bitcoin.

Digital cryptocurrency dust or “dust” refers to a very small or thesmallest possible transaction. Too many very small transactions wouldcongest network resources, so the network typically charges atransaction fee to process small value transactions. In the context ofthis application, dust is the smallest possible value required in orderto achieve a transaction. It may not be a fixed amount. This smallcurrency amount is distinct from the transaction fee. Dust refers onlyto the minimum financial amount of cryptocurrency as per the rulesassociated with the specific distributed ledger (for example, but notlimited to, the Bitcoin network). The fee charged for processing such atransaction might be a fixed fee or might be a percentage of thetransaction size or may be determined by some other method. Somedistributed ledgers might not have a minimum transaction size and mightnot charge a transaction fee. In general, dust may have no financialvalue and could be any parameter that is required for a validtransaction to propagate through the network.

A transaction is used to transfer an amount of cryptocurrency (e.g.dust) that contains all necessary attestations, moving data betweendifferent keys or different digital wallets. A transaction is always forthe purpose of creating new hashes and putting them in a user's digitalwallet, or for revoking previously-attested data and removing such datafrom a user's digital wallet.

A digital ledger is a digital record of who-owns-what. A centralizedledger or centralized database is a system where data is stored in amaster database with a single point of control. There is a gatekeeperparty that alone acts on behalf of clients to modify the system state.Bitcoin makes use of a distributed ledger called a blockchain. Adistributed ledger is fundamentally different from a centralized ledger.In a distributed ledger, any party on the network has access to theledger. Authorization, rather than being a function that is added ontothe system at the end, is built into the lowest level of the stack. Thedistributed ledger is replicated among many different nodes in apeer-to-peer network, and a consensus algorithm ensures that each node'scopy of the ledger is identical to every other node's copy. Asset ownersmust use cryptographic signatures to make transactions on a digitalledger.

An attest key is a key that is created using hashed data which consistsof or is derived from information, combined with a public key. Theinformation that is hashed and used to create the attest key may besomething as simple as the user's name. In one embodiment, the hasheddata used to create the attest key may be a combination of information,such as a user's name and date of birth. In one embodiment, the hasheddata used to create the attest key may be comprised of derived data. Forexample, the user information may include a person's date of birth, andthe hashed data includes not only the date of birth, but also astatement or indication that the user's age is greater than 21 years.The creation of the hash of the data for the attest key may be performedusing a merkel tree solution, a one-way accumulator, or any othersuitable cryptographic algorithm that could create a one-way orirreversible hash.

A public attest key combines the aforementioned hashed data, comprisingor derived from the user information, combined with a public key.

A private attest key combines the aforementioned hashed data, the datacomprising or derived from the user information, combined with a privatekey.

An attestation address is the address at which the transaction can befound on the distributed ledger. For a single signature transaction, ahash function can be applied to the public attest key. In someembodiments, the hash function is the P2PKH algorithm. An attestationaddress may be a multisig attestation address, which in oneimplementation is a result of the public attest key being signed withthe attestor's public key and the public keys of all cosigners accordingto an M of N multisig redeem script cryptographic signing protocol.Potential cosigners can include, but are not limited to, the walletprovider, the attestor, and the recovery public key for the user'swallet. Funds sent to the attestation address may only be spent orrevoked if M-of-N cosigners sign a transaction spending from theattestation address. In another implementation, the multi signatureprocess is achieved by creating a contract stating the number of andactual public keys required. In another implementation, a multisigattestation address comprises two or more public keys and is createdusing the Pay to Script Hash (P2SH) protocol. According to someembodiments, a redeem script is generated using the public keys of themultiple signatories, the resulting redeem script is serialized tocreate a serialized output. A hash function, such as the SHA256algorithm, is applied to the serialized output to create a second hash.Subsequently, a further hash function, such as the RIPEMD160 algorithm,is applied to the second hash to generate the attestation address.

A digital signature is used to verify a message. The attestation addressis a digital signature. A party can check that the attested informationis genuine by hashing the message with a public key, verifying that asignature was produced from a party controlling a private key that isrepresented by a known public key. This is a standard implementation ofECDSA to compare signatures. A certificate may be used to bind publickeys to persons or other entities, i.e. to provide assurance that thepublic key belongs to the entity. The certificate itself is typicallysigned by a trusted third party or Certificate Authority (CA), forexample, Verisign.

A cryptographic nonce is an arbitrary number used only once in acryptographic communication. The nonce may be a random or pseudorandomnumber, or may include a timestamp to ensure that the nonce is only usedonce. The cryptographic nonce may be used to introduce more entropy intoa hash. Hashed user data which is used to create the attest key may beplaced in a predetermined or standardized format for consistency forwhen it is hashed again in the future.

Various novel system protocols will now be described. In the context ofthe devices, systems, and methods described herein, a user may haveinformation they wish to convey to another party, with the desire thatthe other party trust or rely upon the validity of the information. Toestablish this trust, the user and the other party may participate in aninformation delivery protocol that assists the other party in decidingif the user's information is authentic, valid, or actionable. The otherparty may perform a verification protocol as part of the informationdelivery protocol.

In an aspect, an attestation protocol may be performed by an attestor toattest to the validity of the information provided by the user. Theattestor may perform the attestation protocol, in order to authenticatethe user's information and to create an attestation transaction on acentralized or distributed ledger, which serves as a certification thatthe user's information has been authenticated. As part of theattestation protocol, the user's key is serialized and available in theattestation transaction. Just as a traditional Certificate Authority maybe considered a form of key exchange, the protocol can be used forephemeral key exchange, as is used in encrypted communications. As partof the attestation protocol, once an attestor has learned and hasvalidated the identity of a user and/or the user's information byperforming a validation protocol, the attestor may certify the user'sinformation and associate it with the user's validated identity by usinga signing protocol, which creates an attestation transaction comprisingthe user's information onto a centralized or distributed ledger.

In one embodiment, the attestation protocol requires the attestor toapply a cryptographic hash function, such as the SHA256 cryptographichash function, to data comprising some or all of the user's informationor data derived from some or all of the user's information. The attestorthen combines this “hash” of the data derived from the user'sinformation with the user's public key to create the attest key. As partof the attestation protocol, a validation protocol may be performed by avalidator. The validation protocol describes how the validatorauthenticates the information provided by a user to an attestor. Thevalidator may, for example, inspect the information provided by theuser. The validator may employ multi-factor authentication to ascertainthat the user controls the user's provided communication channels. Thevalidator seeks to establish a degree of confidence that the user is whothey claim to be, or that the information the user wishes to convey toanother party is authentic, or that the user has control or possessionover the property or rights they assert. The attestor may perform therole of the validator, or the validator may be a third party, distinctfrom the attestor and the user. In one embodiment, both the attestor anda third party may perform different functions of a validator. Theattestor may, as part of the attestation protocol, with or without thecooperation of a third-party cosigner, create an attestation transactionon a centralized or distributed ledger representing the attestor'sattestation to the validity of the user's information. Where there is nothird-party cosigner involved in the attestation protocol, the locationof the attestation transaction in a centralized or distributed ledger iscalled the attestation address. Where there is one or more third partycosigners involved in the attestation protocol, the location of theattestation transaction in the centralized or distributed ledger may becalled the attestation address or the multisig attestation address.

When some user information has already been attested to, and now theuser wants the attestor to attest to more information, the novelapproach allows for an addendum to be added to the already attesteddata. Because of how the attest key is generated, the user informationis contained in a record which is a transaction that can be spent. Inorder to modify this attestation, the transaction can be spent back tothe same address and can be combined with new information into a newtransaction. In one embodiment, an entirely new transaction can beentered onto the distributed ledger, which would allow the changing ofdata that was previously attested to.

Similarly, if the user wanted to revoke only part of the attestedinformation, then the transaction may be revoked by spending the dust,and a new transaction with updated user information may be written. Thisallows attested information to change, for instance, if the user movesand has a new home address, or changes their telephone number.

As described earlier above, the creation of the hash of the data for theattest key may be performed using a merkel tree solution, a one-wayaccumulator, or any other suitable cryptographic algorithm that createsa one-way or irreversible hash. This is effectively the data model forcreating hashes representing the data being attested to. This allows forthe storage of multiple attestations, and variations of theattestations, in a single transaction. For example, one may store abirthdate, as well as day, month, and year, all within a single hash,yet provide only the one requested plus all the other hashes to resolvethe hash that is ultimately stored. Revoking or editing doesn't changehow this works. For example, if one needed to update the address, acompletely new transaction with the updated address would be created andcompiled using one of the specified hashing algorithms, which revokesthe old data. The dust is spent at a new address in the user's control.This effectively revokes the old data (as it will now be spent) andcreates a new attestation. Revoking a part of a key transaction isexactly the same as compiling a new hash with only the attested data,but excludes the revoked components from the tree or accumulator orother utilized mechanism. Advantageously, the use of either merkeltrees, accumulators, or other suitable mechanism allows for a reductionin or minimization of the number of transactions required to store theattestations on the ledger or blockchain. This is not required, however,and could also be done by simply creating a hash for each individualitem being attested to. One could imagine, however, that if an examplecontaining age and various components of a birthdate, one would need atleast five individual transactions instead of just one transaction.

The current state of the art for storing data on the Bitcoin blockchainis to use OP_RETURN. OP_RETURN is a script opcode used to mark atransaction output as invalid. Since the data after OP_RETURN isirrelevant to the payment system of Bitcoin, arbitrary data can be addedinto the output after an OP_RETURN. Currently, the default Bitcoinclient relays OP_RETURN transactions up to 80 bytes, but does notprovide a way for users to create OP_RETURN transactions. Some membersof the Bitcoin community believe that the use of OP_RETURN violates thecontract of Bitcoin, since bitcoin was intended to provide a record forfinancial transactions, not a record for arbitrary data. The practiceusing OP_RETURN continues for now because OP_RETURN is reasonablyefficient in terms of data bytes stored as a fraction of blockchainspace consumed. However, one drawback is that there is a strongsentiment against using certain blockchains for the purpose of storingdata. This means that the tolerated but invalid transaction may notalways be available for use.

In contrast to storing data with use of OP_RETURN, storing informationin an attestation transaction as described herein has the significantadvantage that it is safeguarded against changes in the bitcoinprotocol, as theoretically the bitcoin community could remove theability to use OP_RETURN.

An additional advantage of using the attestation protocol to storeinformation relates to the unspent transaction output cache. WhenOP_RETURN is used, there are no entries created in the unspenttransaction output (UTXO) cache. This makes it much harder to locate theinformation on the blockchain. Additionally, since there is no currencyassociated with this transaction, once the transaction is on theblockchain, it only represents data and can no longer be spent.Therefore, the data cannot readily be revoked or updated. In contrast,storing information in an attestation transaction as described hereinhas the significant advantage of making it easier for people to check ifa transaction is still valid. In order to find a valid transaction, aparty simply has to look in the UTXO cache. If the transaction can befound there, then the transaction (i.e. the attestation) is still valid.

On the other hand, transactions using OP_RETURN to store data cannot bespent, as they are not actually valid transactions. Therefore, the dataassociated with OP_RETURN do not exist in the UTXO cache. That means, inorder to revoke information that was stored using OP_RETURN, arevocation OP_RETURN transaction would have to be placed on theblockchain (and the party would need to know how and where to find it)or a third-party system would need to be referenced. In other words, theonly way to revoke or update data stored on the blockchain usingOP_RETURN is to find another similar record on the blockchain thatupdates the first record, which would be difficult and time consuming.

One novel technique described in the present disclosure realizes adifferent way of storing data on a blockchain, through the creation anduse of an attest key. The attest key approach described herein iscompatible with the secure bitcoin blockchain system, and with allexisting standards as well as the Bitcoin Implementation Protocol. Thismeans that the attest key approach, because it doesn't violate anyprotocols, is viable today and permanent. The attest key approach isalso usable with other distributed ledgers.

Furthermore, the attest key approach is inexpensive. In hashing userinformation with a key to create the attest key, which is a new key, thelength of the data record is not increased. Storing a longer data recordwould mean that one would need to pay more to have the record processedsuch that it could be added to the blockchain. Another advantage isUnspent Transaction Outputs (UTXO) as previously described. To keeptrack of the pool of UTXOs, you only need to store a subset of thedistributed ledger, which is a big advantage for mobile or portabledevices. In another aspect, use of an attestation protocol, a validationprotocol, a verification protocol, or any combination of theseprotocols, may reduce the complexity of a user logging into sites andperforming transactions between users and site owners. A user attemptingto log in to or create a new user identity or authenticate an existinguser identity at a site may use an application to log into the site.Using the application, the user may perform this function by scanning orrecording still or animated content at that site, provided by the site.That action immediately just logs them into the site and passes the siteall the data that it requires. As this data is attested to, the site isable to verify the information using the verification protocol, and thenknows it is getting authenticated information (the information isauthenticated by the attestor who signed the attestation transaction onthe distributed ledger). Because the information is attested to, thesite can trust the information more, which reduces or eliminates theamount of verification that the site needs to do. This also means thatthe user experience is simplified as they don't have to type all theinfo again to do things like open accounts, enter financial information,etc.

In another aspect, an attestation protocol and/or a validation protocoland/or a verification protocol may be used to transfer data belonging toa user. One example might be a user's medical records. These records maybe tied to the user and stored on the user's mobile device. The user canuse the protocols described herein to send this information to arecipient. In general, the protocols described herein can be used totransfer any data for any purpose in a trusted and secure manner.

User information does not always have to be authenticated by a thirdparty attestor. Self-attestation of information is possible, and anyinformation can be transferred using the protocols described herein. Itis up to the recipient of the data to decide what level of trust isrequired for each item of data received. The data transferred does nothave to be attested to in any way on the blockchain, as that is neededonly in the case when the user wants to verify independent attestation.

In another aspect, a user goes to make a business transaction, forexample but not limited to, purchasing a product at a site where theuser does not have an account and does not want to open an account. Thesite may be, for example, a store or an e-commerce site. The sitedisplays an icon or other indication that the user may make theirbusiness transaction or purchase using the attestor. The site maydisplay a barcode or a QR code or some other code that can be scanned bya user's device, or the site may otherwise communicate with the user'sdevice. If the site displays a code that can be scanned, the user mayscan the code with their mobile device. The user may open an applicationfrom the attestor to scan the code. The user may have an attestorapplication that is running in the background and that can detect ifthere is direct communication between the site and user's device.

The user's device, through the attestor application or through othermeans, establishes a direct link to the site that is looking to verifythe user to allow the user to make the business transaction or purchase.The direct link may be a URL. Through this direct link between the userand the site, the user's information and the user's public key aretransferred from the user to the site. Through this direct link, thesite sends a cryptographic challenge nonce to the user for the user tosign with their private key, and the user sends the signed cryptographicchallenge nonce back to the site. The site is able to use the signednonce and the user's public key in order to verify that the user is incontrol of the private key that was used to sign the original attestedinformation. The site is further able to combine the user's informationwith the user's public key to create a public attest key, and then isable to use this public attest key to create an attestation address, andthereby verify the existence of the original attestation transaction onthe blockchain. The site is therefore able to approve the businesstransaction or purchase, where the user did not have to open an account.

The user may also or instead receive, from the site, informationidentifying that site by another means, such as but not limited to a QRcode or a moving image, for example audio, a wireless networkingprotocol, radio frequency signals, or visual spectrum data transmissiontechniques. The user may also or instead enter an address such as auniform resource locator (URL). The application may allow the user toselect only the user information they wish to provide to the site, orthe application may tell the user what specific information the site isrequesting and enable the user to allow that information to be providedto the site. The user may, using an application or directly with thesite, according to a verification protocol, provide the specificinformation and public keys to the site and the site may, following theverification protocol, be able to immediately and without requestingfurther information from the user, allow the user to log in, create anew user identity, or authenticate an existing user identity with thesite. The site may be able to allow these or other user functions, suchas the transfer of data, without consulting any attestor directly,because the verification protocol may not require involvement of anattestor at the time that user verification is needed, yet theverification protocol may provide a provable, auditable positiveverification of the authenticity of the user's information.

In another aspect, because of the ability to incorporate multi-partysigning in the attestation protocol, a site may still be able to verifythe authenticity of a user's information if an attestor's security iscompromised and even if an attestor ceases to operate, e.g., due tobankruptcy or abandonment. A site may be able to continue to locate anattestation transaction in the centralized or distributed ledgeraccording to a verification protocol until such time as the attestationof the user's information is revoked via a revocation protocol.

In another aspect, an attestor may, in cooperation with a user, or incooperation with a third-party cosigner to the user's attestedinformation but not alone, use the revocation protocol to revoke anattestation for a user's information. A user can do this withcooperation of an attestor or a third party, and a third party can do itwith cooperation of the user or the attestor. In general, transactionscan require M of N signatures, or just one signer. It may be the casethat an attestor does not want to have revocability, and leaves itentirely up to the user to manage and revoke their information. In thiscase, the attestor simply sends a standard transaction to the user. Inone embodiment, the attestor might want multiple parties to have toconcur when revoking an attestation, for example 3 of 5 parties.

In another aspect, even if an attestor is compromised, no fraudulentattestations of user information may be performed because an attackerstill lacks the user's and third party cosigner's private keys. In otherwords, even if someone got control of the attestor's keys to signtransactions, they couldn't independently go and issue fraudulentattestations on the distributed ledger because they would need a secondsignature in order to do so. The second signature would be that of thethird party digital wallet provider or the user who owns the data.

The verification protocol is now described. A user may submitinformation to a third party in response to a third-party data request,and the third party (the verifier) needs to verify the authenticity ofthis user information. The verifier may, without a need to contact acentral provider of trust, employ a verification protocol to verifyinformation provided by a user, where the user has previously had theinformation attested to by an attestor as part of an attestationprotocol. Using for example, one or more of an application, a website,and an attestor API, the verifier may satisfy itself that theinformation provided by the user is authentic by re-deriving theattestation address of an attestation transaction, and seeing that theattestation transaction exists in the centralized or distributed ledgerat the attestation address. A verifier may provide unique,time-sensitive information, such as a cryptographic nonce, to the userwho then may sign the information using the signing protocol with theuser's private key as may be required. The verifier may, in this way,ascertain that this attested information belongs to the user or that theuser's private key is in the current control of the user. The verifierascertains this by verifying the signature using the public attest keycorresponding to the attestation transaction associated with the user'sinformation. The attestation transaction should spend some amount to theattestation address, confirming that the transaction is signed by atrusted attestor's key, which affirms that the transaction in thecentralized or distributed ledger is valid, and that the proffered userinformation is authentic.

In another aspect, a user may want to keep track of when theirinformation is accessed or used and may want to be able to proactivelyauthorize or deny the invocation or use of that information. Anattestation site, website, or application controlled by an attestor mayallow a user to register and create an identity and to submit theirinformation such as a social security number. The attestor may performan attestation protocol in order to authenticate the user's informationand to create an attestation transaction on a centralized or distributedledger, which serves as a certification that the user's information hasbeen authenticated. The attestor may also perform a validation protocolto ascertain that the user is not fraudulent and that the submittedinformation is authentic. The validation protocol may use third partyIdentity Validation Service Providers such as ThreatMetrix® toauthenticate the user's information. An attestation site website, orapplication controlled by an attestor, performing a validation protocol,may call, text, phone, message, or send physical mail to addressesprovided by the user. The attestation site, website, or applicationcontrolled by an attestor performing a validation protocol may receivepictures or scans or radio frequency identification (RFID) readouts orinfrared captures of user's identifying documents. An attestorperforming a validation protocol may receive authenticated informationor biometric information from a device, which could be a user device, orperhaps a fingerprint reader at an FBI certified fingerprint collectionpoint, which may be an attestor.

An attestation site, website, or application controlled by an attestormay provide an API to other third party sites so that the third-partysites can notify a user via an attestor application or website, in aproactive manner, when the user's information is being accessed. Forinstance, a bank site may be allowed to get a hold of a user by sendingthe SSN of the user to the attestor. Because the attestor has an app keyfor the user, the attestor can send the user an alert over acommunication channel saying that their SSN is being used.

As an example, a user may attempt to apply for credit at a banking siteonline or offline. A user may provide a social security number (SSN) tothe banking site. The banking site may use the attestation API to submitthe SSN to the attestor. The attestor may use preferred contactinformation it has for the authenticated user of that SSN in order toreach out to that user and verify that the user intended to apply forcredit. The attestor may require the user to affirmatively communicate aresponse to the attestor or to the third party (in this case the bankingsite) authorizing or denying the application for credit.

In another aspect, any of the attestation protocol, validation protocol,or verification protocol described herein may be used instead of atraditional certificate authority (CA) vendor. More broadly, thesemethods and protocols are generally used for attesting to theauthenticity of a company and putting this attestation on a centralizedor distributed ledger. Issuing an identity for a company does not haveto be purely for replacing CAs. The process of validating a company andputting it on the blockchain could have many applications which includebut are not limited to using the attested company data in webtransactions in place of a standard certificate. More generally, anyentity can have information validated and attested to and stored on acentralized or distributed ledger in this way, and any two entities canuse the verification protocol as a way to communicate information toeach other in a way that can be trusted. In some embodiments theseprotocols and methods can be used from website to website, from a serverto an API, from one appliance to another appliance, and so on. The userand parties described herein are non-limiting examples of the possibleuses of these methods and protocols, and the protocol works for any useror party that has a need to prove its identity.

The attestation transaction that an attestor and user creates usingthese protocols may be used to provide a prospective communicationpartner or transaction partner with positive identification of a digitalentity, such as a merchant website or financial institution, in lieu ofa central authority. As a result, participants in a transaction orcommunication using the protocols described herein may be able to usekey exchange techniques as known in the art and thus establish encryptedcommunication without relying on a CA vendor. For example, the attestormay provide an identity to a site, and then a user would be able to usethe exact same mechanism to identify the site as valid, in the same waythe CA certificates are trusted now. For example, an attestor maycombine the company name and other company information to create anattestation transaction at an attestation address. The attestorvalidates the company's credentials and ensures the company islegitimate, and the attestation transaction becomes proof that thiscompany has been validated by an attestor. The company may then put theinformation used in the attestation on its website. A user that wants toverify the company's identity may use the information that the companyputs on its website and the verification protocols described herein tocheck that the attestation transaction exists at that attestationaddress. This technique obviates the need for a certificate revocationlist (CRL) or the use of the Online Certificate Status Protocol (OCSP).Company information can be attested to in the same manner that personalinformation can be attested to. According to the disclosed system andmethods described herein, company would apply to an attestor forattestation, instead of conventionally applying to a certificateauthority. The attestor would validate the company information andcreate an attestation transaction using the company's public key (theircertificate) and the company information. The company could then, forexample, display a code on their website which indicates that theircompany has been attested to via an attestor. In one embodiment, thecompany would also put the information that has been attested to ontheir website. In one embodiment, nothing would be displayed on thewebsite. The website would pass the company details to the user'sbrowser. In one embodiment, the user's browser would be updated tosupport the verification protocol or a plugin would have to beinstalled. The user's browser would receive the information from thewebsite (i.e. company name, etc.). In one embodiment, the transactionwould be initiated by the user's browser. The user's browser may send anonce to the company's site and request the site to send the companyname, the signed nonce plus any additional details needed. The companysite would send these details. The user's browser would use theverification protocol to recreate the attest address as described hereinin order to establish the validity of the information received. In oneembodiment this would be an automated process without a need foraccepting of the transaction or any manual intervention. In oneembodiment the user may use the signed cryptographic challenge nonce toverify that the company is in control of their private key, usingmethods as are known in the art. Any of the above steps may be performedby an attestor on behalf of the user or the company. In one embodiment,the company information that is used to create the attest key isstandardized, in that way the information that any company would use tocreate an attestation transaction to represent their validity isconsistent with respect to data fields and types.

In another aspect, any of the attestation protocol, validation protocol,or verification protocol described herein may be used in conjunctionwith established centralized or distributed ledger features ofcryptocurrency and blockchain to record attestation transactions. Twoparties wishing to exchange a good or service or title might ordinarilywish to record such a transfer in a centralized or distributed ledger,but the parties lack certainty or assurance that the other party are whothey say they are, or that the other party actual owns the good or canoffer the service or possesses the title. A user may use the protocolsdescribed herein to provide attested proof of their identity and tofurther provide attested proof of ownership or control, therebysatisfying all the conditions required for the exchange to proceed.

In another aspect, users may create accounts with an attestor and createattestation transactions in person. A kiosk or station, similar to anautomatic teller machine, may be situated in a bank or supermarket orother retail location. This kiosk may serve the function of an attestor,a verifier, a validator, or may implement all of these functions. usersdesiring to create an account with an attestor and create attestationtransactions with their information may use the kiosk, which would allowthe user to participate in attestation protocols or validation protocolsby entering contact information and/or by presenting other verifyinginformation or identity-proving documentation. The attestor kiosk orstation may be equipped with a front-facing camera so that the user maybe photographed in order to use facial recognition techniques as part ofthe validation protocol. The camera may be used in order to establish areal-time video conference between the user and an attestor or validatorlocated remotely from the kiosk. For example, a remote validatorperforming the validation protocol may use, for example, a set of creditbureau challenge/response queries, based on the user's social securitynumber or any other national or regional identification number, in theexecution of the validation protocol to authenticate the user. As partof the validation protocol, the user may type in or speak the responsesto the challenge/response queries. The user may hold up identitydocuments to the camera. The user may also be required to insertidentity documents into specialized readers that can read documents suchas passports, driver's licenses, or other identity documents. Theattestor kiosk or station may use a combination of automated frauddetection and remote user intervention or interaction. The attestorkiosk or station may employ a remote attestor or validator withouthighlighting that fact to the user seeking authentication, for examplein order to supervise the activity of the user presenting identitydocumentation.

Upon successful completion of the validation protocol for the user, theattestor kiosk or station may trigger the creation of one or moreattestation transactions that attest to the validity of the user'sinformation that could be positively authenticated. Specific informationabout the newly created attestation transactions may be sent to the userusing any of the user's communication channels, or may be presented tothe user on the screen of the kiosk. The attestor kiosk or station maypresent a QR code or other motion code to the user, prompting the userto download an attestor's application on the user's mobile device. Theuser may then use the attestor application on their mobile phone ordevice to scan additional QR or motion codes in order to receive anygenerated public keys, private keys, or public or private attest keysrelated to the one or more attestation transactions of theirinformation.

In one embodiment, the attestor kiosk or station may cause the user toinstall the attestor's application before attestation protocol andvalidation protocol is initiated, such that, for example, the user'sinformation and any private keys required for the attestationtransaction are generated and stored only on user's mobile device andnot in the kiosk and not at the attestor. The attestor kiosk or station,or the attestor application may cause the user to install a digitalwallet application on the user's mobile phone or device. The publickeys, private keys, or attest keys may be stored in the user's digitalwallet. The user's information may be stored in the user's digitalwallet. If the user has more than one digital wallet application, theuser may be prompted to choose the digital wallet in which they want tostore the keys and/or the information, and the aforementioned functionsmay instead be implemented by an in-person teller instead of a kiosk.This in-person teller may act as a validator and/or an attestor.

Examples of notification systems will now be discussed. In the contextof the devices, systems, and methods described herein, an attestor mayhave an attestation site or application which may provide an attestationAPI to allow authenticated users (users for which an attestationtransaction on a centralized or distributed ledger exists) to becommunicated to by other sites which have a need to collect or verifyspecific information about that user. The attestation API may provideaccess to the attestation site or application or a different site or webservice that enables merchants or banks or other users to offer extrasecurity or other services when performing transactions withauthenticated users. When a user attempts a transaction with a merchantor bank or other user, for example applying for credit, the user mayprovide to the merchant, bank or other user their attestation site orattestor information in lieu or providing the personal information, forexample their ordinary contact information, their address, theirbirthdate or their social security number. The attestor application onthe user's mobile device may provide the attestation site or attestorinformation to the merchant, bank or other user in lieu of the userproviding this directly.

In one embodiment, the user may provide their attestation siteinformation in conjunction with other ordinary information. As themerchant or bank or other user is attempting to run the credit check forthe user, it may use the attestation API to convey to the attestor theattempt to access or use the user's information. The attestation API mayalso allow the merchant or bank or other user to communicate, directlyor through the attestor or the attestor application, to the user thatsomeone is trying to access or use their user information and thepurpose that the user information was provided for. In this example, theuser is informed that their SSN is being accessed or used for thepurpose of opening new credit. The attestor or the attestor'sapplication or the merchant, bank, or other user or an application ofthe merchant, bank, or other user, may provide a prompt for the user toallow or deny the transaction through an application, voice message,text message, or any other communication channel. The use of theattestation API may provide merchants and banks and other users areduction in the amount of fraud and may provide a higher sense ofsecurity for users about their information.

In an aspect, an attestation site or application may provide an API toallow any of its authenticated users to be communicated to by othersites which have information about that user but lack a direct means ofcontacting the user because they don't know any of the user'scommunication channels. An attestation site or application may providethis API for a fee. An attestation site or application may control thefrequency or volume or types of communication to be sent to usersaccording to user preferences or attestation site policies. Anattestation site or application may prevent user communication channelinformation such as means of contacting the user from being revealed inthis API.

Because of the chance of unsolicited information being transmitted toauthenticated users of the attestation site from other sites, theattestation site may perform spam filtering and unsolicitedcommunication filtering on an aggregate basis to incoming communication.The attestation site may also require the other site to provide enoughinformation relating to the user they are trying to communicate with inorder to establish that there was a pre-existing business relationshipbetween the other site and the user. Additional authentication steps maybe performed on the other site, similarly to how they are performed onusers, in order to authenticate the site attempting communication. Thenotification approach described herein may provide a novel way for userswho have registered with the attestor to receive critical communicationsfrom parties who lack correct or updated communication channelinformation for a user, but who may have a legitimate need tocommunicate with the user.

FIG. 1 is a diagram illustrating a system 100 for use in providingauthentication of information, such as personal identificationinformation of a user. As shown in FIG. 1, the system 100 mayinterconnect a plurality of participants (e.g., devices, systems,components, resources, facilities, and so on) in a communicatingrelationship via one or more communication networks 190. Theparticipants may, for example, include a user computing device or user110, an attestor site or device or attestor 120, an identity validationsite or device or validator 130, and a verifier site or device orverifier 160. Verifier 160 may be a merchant, a bank, or other entity inneed of verification of user identities. Other entities in the system100 include a digital wallet provider site or device or digital walletprovider 140, as well as a third-party cosigner computing device orthird party cosigner 112.

Some or all of the participants may have access to a centralized ordistributed ledger 150. Centralized or distributed ledger 150 is anelectronic ledger which contains a list of verified transactions ofdigital cryptocurrency. In Bitcoin, centralized or distributed ledger150 is a distributed ledger which is referred to as a blockchain.Although transactions are communicated over the Bitcoin network forentry into the blockchain, participants referred to as “miners” mayultimately be the entities that perform transaction verification andblockchain entry.

The system 100 may include one or more additional or alternativeattestors 120, which may be private or public entities. An additional oralternative attestor may be a provider of actual sources ofidentification for users. For example, an additional or alternativeattestor may be or include a site or device of a government entitydesignated to issue sources of user identification (e.g. a governmentoffice which issues passports, a Department of Motor Vehicles or DMVwhich issues driver's licenses, etc.). The system 100 having one or morecommunication networks 190 may utilize any data network(s) orinternetwork(s) suitable for communicating data and control informationamong participants in the system 100. This may include public networkssuch as the Internet, private networks, and telecommunications networkssuch as the public Switched Telephone Network or cellular networks usingsecond generation cellular technology (e.g. 2G, GSM, or EDGE), thirdgeneration cellular technology (e.g., 3G or IMT-2000, UMTS, or WCDMA),fourth generation cellular technology (e.g., 4G, LTE, LTE-Advanced,E-UTRA, etc. or WiMAX-Advanced (IEEE 802.16m), 5G cellular technology,peer-to-peer and personal area network technologies such as Bluetooth,Bluetooth LE, Wi-Fi Direct, LTE Direct, NFC, and/or other technologies,as well as any of a variety of corporate area, metropolitan area, campusor other local area networks or enterprise networks, along with anyswitches, routers, hubs, gateways, and the like that might be used tocarry data among participants in the system 100. The network may also bea high bandwidth, high-latency network such as ‘sneakernet’, whereinformation on a mass storage device is hand-delivered or delivered viaa mailing service such as DHL®, a national postal service, FedEx®, UPS®,or the like. The network may also utilize a visual data channel, such asbarcodes, 2D barcodes, quick response (QR) codes, motion QR codes, orany form of animated visual information that can be captured by a visualcapture device in a computer or portable device. The network may alsoutilize an audio channel to deliver information encoded in watermarkedor fingerprinted audio such as those provided by Shazam® or the like.System 100 may also work in with an intermittent network connection orin a disconnected, offline mode. The network utilized may also include acombination of data networks, and need not be limited to a strictlypublic or private network. The devices, systems, and methods may furthercommunicate using the “Bitcoin” network, which includes a plurality ofnodes operating in accordance with a peer-to-peer (P2P) bitcoin protocolover the Internet.

The participants in the system 100 may each include network interfacesor the like for communication over the network. The network interfacesof the participants may allow for real time data synchronization betweenany of the participants, either on a shared network basis or on apeer-to-peer basis directly between the participants.

Part or all of the centralized or distributed ledger 150 may bedownloaded or cached by any of the participants in the system 100 foroffline use. Any of the parties may download the centralized ordistributed ledger 150 on a periodic basis when they are connectedonline. The centralized or distributed ledger 150 may be delivered on aperiodic or one-time basis to participants via postal mail, deliveryservice, or private delivery channels operated by the participant. In anembodiment, the Bitcoin blockchain may be used as the distributed ledger150. In another aspect, a different distributed, centralized ordecentralized ledger 150 may be used instead of the Bitcoin blockchain.The centralized or distributed ledger 150 may be accessed from a cachedoffline store. A relevant subset of the centralized or distributedledger 150 may be provided by an attestor 120.

FIG. 2 is a flow diagram 200 illustrating various protocols which may beused for providing authentication of information, for example personalidentification information or “PII” in the system of FIG. 1, the variousprotocols including an attestation protocol 202, a validation protocol204, a signing protocol 206, a verification protocol 210, and arevocation protocol 212.

Initially, cryptography is utilized to create a key pair for the user110. The creation of a key pair includes the creation of a user privatekey and a public key. The key pair may be created using elliptic curvecryptography, such as described in Guide to Elliptic Curve Cryptography(Springer Professional Computing) ISBN-13: 978-0387952734, which ishereby incorporated by reference herein in its entirety.

The user 110 may provide the user's pubic key to the attestor 120. In anaspect, the user 110 may also provide the public key of a third-partycosigner to the transaction. The third-party cosigner may be a digitalwallet provider (e.g. digital wallet provider 140 of FIG. 1), forexample, a bitcoin wallet provider, or any other entity that can providea public key for the transaction. There may be multiple third-partycosigners (e.g. third party cosigner 112 of FIG. 1), bringing the totalnumber of keys to N. In one embodiment, the collection of public keys islater used to create the attestation address using a multisigtransaction. In this case, the attestation transaction may only berevoked (i.e. the funds at this attestation address may only be spent)with a multisig transaction where M of N keys are provided. In this way,it is not possible for a single party to revoke the attestation. Asshown in FIG. 2, the attestor 120 may receive information from the user110, in a request to perform attestation using an attestation protocol202. The information from the user 110 may be personal identificationinformation or “PII” that may uniquely identify the user 110. Ingeneral, the attestation protocol 202 causes the information (e.g. thePII) from the user 110 to be validated and attested to with use ofsigning protocol 206.

Upon receipt of the information, the attestor 120 will initially attemptto confirm the authenticity of the information using a validationprotocol 204. This validation protocol 204 may be performed by avalidator (e.g. validator 130 of FIG. 1). The validator may be the sameentity as the attestor 120 or it may be a separate entity, such as athird-party identification service provider. The validation protocol 204may include any suitable validation steps to validate the identity ofthe user 110. The validation protocol 204 may include conventionalvalidation steps using any contact information or communication channelsprovided by the user 110. These steps may include communications such astexting, e-mailing, calling, or messaging the user 110 with the providedcontact information. The validator may send messages out on anycommunication channel provided by the user 110 or known to belong to theuser 110. The validator may send a physical postcard or mail to aphysical address provided by user 110, and require the user 110 to entera code provided on the physical postcard or mail on an attestor's siteor application in order to continue with or complete the validationprotocol 204. The validator may require the user 110 to prove they ownor control something by providing verifiable title, or that they know apassword. The validator, as part of the validation protocol 204, mayprovide information to the user 110 on one communication channel of theuser 110, and require that the user entered the same information onanother communication channel by the user 110 to verify legitimacy ofthe user's 110 identity.

The validation protocol 204 may determine that the information and/oridentity of the user 110 is not authentic, and may indicate and/orcommunicate this failure (“FAIL”). The attestor 120 may indicate thisfailure to the user 110. On the other hand, the validation protocol 204may determine that the user 110 and the user information is authentic,and may indicate and/or communicate this authenticity (“PASS”).

When the information passes as authentic, the attestor 120 continues toperform the attestation protocol 202 which includes a signing protocol206. In one embodiment, attestation and signing protocols 202 and 206provide for the user 110 a digitally-signed attestation transaction,spending an amount of cryptocurrency (e.g. dust) to a digital walletcontrolled by a secret sharing cryptographic algorithm using M of Nkeys. This signed attestation transaction is communicated to the networkby the attestor 120, for storage in the centralized or distributedledger 150. The signed attestation transaction may include the user'spublic attest key, and is stored at an attestation address. In oneembodiment, the user information that was validated and used to generatethe attest key is stored by the user. In one embodiment, the userinformation is stored on the user's device. In one embodiment, the userinformation is stored in the user's digital wallet. In one embodiment,the user information is stored in an attestor application on a userdevice. In one embodiment, the user information is captured in a visualor moving code on the user's device. Note that, although transactionsare communicated over the Bitcoin network for entry into the blockchain,participants referred to as “miners” may ultimately be the entities thatperform transaction verification and entry into the blockchain.

A description of techniques and protocols for creating transactions withuse of Bitcoin cryptocurrency may be found in the book by Antonopoulos,Andreas M. Mastering Bitcoin: Unlocking Digital Cryptocurrencies,O'Reilly Media, 2014, ISBN 978-1449374044, which is here incorporated byreference in its entirety. The attestation address of the attestationtransaction may be computed using a Pay to Script Hash (P2SH) bitcoinprotocol. The attestation address of the attestation transaction may bea P2SH multisig address. The attestation transaction's outputs may bespent by a combination comprising attestor or validator's public key,one or more third party cosigner(s) public keys, and a user's publickey. Note that the attestation protocol 202 together with the signingprotocol 206 is described again later in relation to the flowchart ofFIG. 3.

Continuing with reference to the flow diagram 200 of FIG. 2, afterattestation by the attestor 120, the user information may be verified bya verifier 160 with use of a verification protocol 210. The verifier 160may be a merchant, bank, or other entity. The verification protocol 210may receive and utilize the user's public key, the third-partycosigner(s) public key(s), the user information that was used to createthe attestation address, and the attestation transaction signed by theattestor 120. The verification protocol 210 derives the user's publickey using the same or similar approach taken earlier above. Theverification protocol 210 checks that the attestation address of theattestation transaction is controlled by the user 110, any third-partycosigners, and the attestor 120. The attestation address may map to an Mof N digital wallet to implement the multisig signing protocol. Theverification protocol 210 verifies that the attestation transaction isstill valid and has not been revoked, checking that the attestationtransaction is still in the centralized or distributed ledger 150. Asuccessful verification indicates that the authenticated userinformation is still valid.

Further, the verification protocol 210 may send a challengecryptographic nonce to the user 110 to be signed using the signingprotocol and the user's private key. This cryptographic nonce may begenerated by a cryptographic nonce generation algorithm as known in theart. The cryptographic nonce may be generated with, or may include, atimestamp. The cryptographic nonce may be generated through repeatedhashing of a random or pseudo-random value. This challenge cryptographicnonce may be generated through software or using a dedicated hardwarecircuit or chip that supports encryption. The cryptographic noncechallenge may be generated by a mobile application, by a digital wallet,or by an attestation application. In response to receipt of thechallenge cryptographic nonce, the user 110 signs the cryptographicnonce using a signing protocol and the user's private key. This confirmsthat the user 110 still has current control over that particularprivate/public key pair. Note that the verification protocol 210 isdescribed again later in relation to the flowchart of FIG. 4.

Continuing with reference to the flow diagram 200 of FIG. 2., the user110 or attestor 120 may revoke an attestation made in the past with useof a revocation protocol 212. The revocation protocol 212 may utilize athird party digital wallet provider or other third party cosigner, or itmay be performed solely by the user 110 or attestor 120, or by the user110 and the attestor 120. The revocation protocol 212 may be performedusing a mobile application or a web-based client or cloud service, asexamples. A participant may be allowed to revoke an attestation theyhave made in the past by signing a new transaction, spending the dustcorresponding to the original attestation. To spend this dust, theparticipant may need to provide a subset of the third-party cosigners ofthe original attestation, namely a user's private attestation key andone or more of the third party cosigner's keys. The attestor 120 may beallowed to revoke an attestation by signing a transaction, spending thedust of an attestation using the attestor's private key. Note that therevocation protocol 212 is described again later in relation to theflowchart of FIGS. 5a and 5b . In the attestation protocol 202, thecentralized or distributed ledger may receive a signed attestationtransaction to the multisig attestation address, calculated by anattestor or a third-party cosigner. Note that the centralized ordistributed ledger may receive this transaction from a third partydigital wallet provider different from the attestor or the third-partycosigner. For the convenience of the user, either attestor or thethird-party cosigner or both or a third party digital wallet provider oranother third party may store user's attest key or public key, protectedby a passphrase, on behalf of the user.

In one embodiment, a hierarchical deterministic wallet (HD wallet) isused to generate the public attest key. In some embodiments, the hashedinformation is used as an offset combined with the public key generatedfor the information, compliant with the Bitcoin BIP32 standard.

The attestor or third party cosigner may use an existing distributedledger, such as the Bitcoin blockchain, and in doing so, leverage theexisting transaction protocols defined for this distributed ledger asknown in the art. The protocols defined herein may be realized using“Colored Coins” on the Bitcoin blockchain, for example.

FIG. 3 is a flowchart 300 for describing a method of the attestationprotocol 202 which may be performed by an attestor.

Beginning at a start block 302 of FIG. 3, the attestor receivesinformation and a public key which may be generated from the information(step 304 of FIG. 3). The information may be, for example, personalidentification information (“PII”) belonging to a user. The public keyis generated for the information, and may be a user's public key. Uponverification of this information, a first hash function is applied tothe information to create a hash (step 306 of FIG. 3). The hash of theinformation and the public key are combined to generate a public attestkey (step 308 of FIG. 3). In some embodiments, elliptic curve additionis used to combine the hash of the information with the public keygenerated for the information. An attestation address is generated basedon the public attest key (step 310 of FIG. 3). A signed transactionwhich includes the user's public attestation key is generated andcommunicated for storage in a centralized or distributed ledger at theattestation address (step 312 of FIG. 3). The information that was usedto generate the attest key is stored for the user. In one embodiment,the user information is stored on the user's device. In one embodiment,the user information is stored in the user's digital wallet. In oneembodiment, the user information is stored in an attestor application ona user device. In one embodiment, the user information is captured in avisual or moving code on the user's device. In some embodiments, thetransaction communicated to the centralized or distributed ledgerincludes a data file in the form of a data block that includes at leastthe public attest key and the attestation address generated by thetechniques described herein. The flowchart ends at an end block 314 ofFIG. 3. The signed transaction in the ledger may be checked by averifier for verification purposes using a verification protocol. Thesigned transaction in the ledger may be revoked by the user or attestorusing a revocation protocol. The key pairs may be created using ellipticcurve cryptography. Each participant's public key may be generated bymultiplying an elliptic curve generator point G, by the participant'sprivate keys. Each of the participants may know each other's publickeys. The information may be hashed with a cryptographic hash function,for example, SHA256, RIPEMD160, or both.

FIG. 4 is a flowchart 400 for describing a method of the verificationprotocol 210 of the verifier. The protocol starts at block 402 of FIG.4. At step 404, the verifier sends a request for information of the userto the user. The information requested from the user includesinformation that has been previously attested to in an attestationtransaction stored within a centralized or distributed ledger. Theverifier requires as well all the public keys that were used to sign theattestation transaction. At step 406, the verifier receives theinformation from the user. In step 407, the verifier sends a challengecryptographic nonce to the user with the request that the user sign thisnonce with their private key. In step 408, the verifier receives thesigned cryptographic nonce from the user. Except where specified, it isunderstood that the steps may occur in the sequence described.Alternatively, the steps may occur simultaneously, or in a differentorder. For example, steps 404 and 407 may occur simultaneously.Similarly, steps 406 and 408 may occur simultaneously or in a differentorder. In step 410, the verifier uses the user's public key and thesigned cryptographic nonce to verify that the user is who they claim tobe, i.e., that the user controls the private key that was used togenerate the user's public key. In step 412, the verifier then takes theinformation sent by the user, along with the public key sent by theuser, and derives the public attest key. In step 414, the verifier takesthe public attest key and all the public keys sent by the user andderives the attestation address. The verifier then uses the attestationaddress to verify that the attestation transaction exists at thataddress in the centralized or distributed ledger at step 416. Theprotocol ends at an end block 418 of FIG. 4. Thus, the information andthe validity of the user has been verified.

In step 404 in FIG. 4, the verifier needs specific information from auser. In one embodiment, the verifier may need a user's credit cardnumber, security code, and address, in order to complete a businesstransaction. In one embodiment, the verifier may need a user's socialsecurity number or other federal identification number, in order toprocess an application. The verifier may need information from a user toperform any function related to the information. The verifier may onlywish to perform a function related to this information if theinformation has previously been attested to by an attestor, and cantherefore be assumed to be valid. The verifier may only wish to performa function related to this information if it can be shown that the usersending the information has control over the information or owns theinformation. The verifier sends a data request to the user. In oneembodiment, this request for data is called a dataRequest. In oneembodiment, a cryptographic challenge nonce is sent with the request fordata. In one embodiment, the request for information and thecryptographic challenge nonce are sent separately. In one embodiment,the request for data includes a request for the user to send the user'spublic key. In one embodiment, the request for data includes a requestthat the user send only the data that was stored when the originalattestation transaction was generated. In one embodiment, the requestfor data includes a request for the user to send all the public keysthat were used to create the attestation address, including for examplethose of the user, an attestor, a third party cosigner, a digital walletprovider, etc.

In step 406 of the verification protocol 210, the verifier receives theinformation requested from the user. In one embodiment, the verifierreceives the user's public key in addition to the information requested.In one embodiment, the verifier also receives the public keys that wereused to create the attestation address. In one embodiment, theinformation sent is the information that was stored during the originalattestation protocol. In one embodiment, the public keys received fromthe user include the attestor's public key and one or more third partycosigner's public keys. In one embodiment, the received data includesthe cryptographic challenge nonce which has been signed by the user'sprivate key. In one embodiment, the cryptographic challenge nonce issent to the user in step 407 and the cryptographic challenge noncesigned with the user's private key is received back in step 408. In step410, the verifier may use the signed cryptographic nonce and the user'spublic key to verify that the user is who they say they are, as in knownin the art. In step 412, the verifier uses the information received fromthe user and the user's public key to derive the public attest key. Inone embodiment, the verifier may create the public attest key themselvesusing an application or website of the attestor which uses a portion ofthe attestation protocol to generate the public attest key. In oneembodiment, the verifier may create the public attest key using anapplication or website provided by a third party, for example but notlimited to a digital wallet provider. In one embodiment, the verifiermay create the public attest key using an application which uses aportion of the attestation protocol to generate the public attest key.In one embodiment, the verifier may send the information received by theuser to the attestor and may receive the public attest key back from theattestor. In one embodiment, the verifier may have a prior knowledge ofthe attestation protocol and may generate the public attest key locally.In step 414, the verifier then derives the attestation address, usingthe public attest key and the other keys sent by the user. In oneembodiment, the verifier may create the attestation address themselves.In one embodiment, the verifier may create the attestation transactionusing an application or website of the attestor. In one embodiment, theverifier sends the user information, the user's public key, and all theother keys sent by the user to a third-party application or website andthe third-party application or website performs the function ofcalculating the public attest key and the attestation address on behalfof the verifier. In one embodiment, the verifier uses a third-partydigital wallet provider application or website to verify the existenceof the attestation transaction at the attestation address. In oneembodiment, the verifier may send the public attest key and the otherpublic keys received by the user to the third-party application orwebsite via an API. In one embodiment, the verifier may verify that theattestation address for the attestation transaction can be derived usingthe Pay to Script Hash (P2SH) with the public attest key and the otherpublic keys sent by the user which may include the attestor's public keyand a third party cosigner public key. In step 416, the verifier maycheck that the attestation address of the attestation transaction isvalid, by verifying the existence of the attestation transaction at theattestation address in the centralized or distributed ledger anddetermining whether transaction was revoked, by verifying that thecryptocurrency associated with the attestation transaction has not beenspent. In one embodiment, the verifier may use a third-party digitalwallet provider application or website to verify the existence of theattestation transaction at the attestation address. In one embodiment,the verifier may send the data received from the user to an attestor inorder to verify the existence of the attestation transaction at theattestation address. In one embodiment, the above steps of verifyingcontrol of the user's private key using the challenge nonce; derivingthe public attest key; generating the attestation address; and verifyingthe attestation transaction at the attestation address in thecentralized or distributed ledger may be done by in various combinationsby the verifier, by the attestor, or by a third party.

FIG. 5a is a flowchart 500 for describing a method of the revocationprotocol 212. Prior to describing the steps of the revocation protocol212 of FIG. 5a , it is noted that an attestation transactionauthenticating information has already been generated and stored in thecentralized or distributed ledger. In one embodiment, the revocationprotocol is used to remove information that has previously been attestedto. If a user had attested to a deed for some property that they owned,and later sold the property, then the user may wish to revoke theattestation transaction. In one embodiment, the attestor wants to revokethe attested information. For example, if a driver's license needed tobe revoked for some sort of offense, then the department of motorvehicles, who may be the original attestor to this information, wouldrevoke the driver's license. In another example, the attestor may bedifferent from the issuer of the information that needs to be revoked,but may still be the party that revokes the transaction. For example,the attestor may discover that somehow a user had created an account atthe attestor using fraudulent identification, and then the attestorwould revoke the attestation that the user had created. In oneembodiment, the user may wish to revoke their own attested information,for example, if they thought it had been compromised. In one embodiment,the revocation protocol is used to change information that has beenpreviously attested to. If a user had previously attested to personalinformation including an address and a credit card number, and then thecredit card number changed, the user could use the revocation protocolto change the credit card information in the attested information. Inone embodiment, the original attestation transaction was generated byusing an m-of-n multisig transaction, and so much be revoked using thesame m-of-n signatures. Beginning at a start block 502 of FIG. 5a , anew signed transaction is generated to revoke the previous attestedinformation (step 504 of FIG. 5a ). In one embodiment, there is anattestation transaction associated with the previously attestedinformation. The new, signed transaction is then sent over the networkto the centralized or distributed ledger (step 506 of FIG. 5a ) whichrevokes the attestation transaction by spending cryptocurrencyassociated with the attestation transaction. The flowchart 500 of FIG.5a ends at a finish block 508.

Thus, in the revocation protocol 212, an attestation transactionauthenticating user information may be revoked by spending thecryptocurrency and thus invalidating the transaction that was created torepresent the earlier attestation. In one embodiment, the destination ofthe cryptocurrency associated with the spending transaction would be theperson or entity initiating the revocation. In one embodiment, it is theattestor that is initiating the revocation and the cryptocurrency issent back to the attestor's digital wallet. In one embodiment, M of Nkeys in the attestation address are needed to sign the spendingtransaction in order to revoke the attestation, in other words the M ofN keys used to sign the original attestation transaction are needed inorder to sign the spending transaction in order to revoke theattestation. The revoking transaction may be entered into thecentralized or distributed ledger by the attestor, by the user, by thethird party cosigner, or by a fourth party who is not part of the m-of-ngroup.

FIG. 5b is a flowchart 510 which describes an exemplary embodiment ofthe revocation protocol in more detail. The protocol begins at startblock 502. Previously attested-to information, that is captured in anattestation transaction at an attestation address, that needs to beremoved or changed, is identified. In one embodiment, this informationcould be identified by the user, for example because some personalinformation like an address, driver's license number, or credit cardnumber has changed. In one embodiment, the revocation could be initiatedby a user because of a fear of a data breach. In one embodiment, thisinformation could be identified by an attestor that had previouslyattested to information from this user, and who has identified that someof the previously attested to information is no longer valid. In oneembodiment, an attestor could identify information that needs to berevoked because a user no longer is in existence. In one embodiment, athird party may request that previously attested to information isrevoked, for example in the instance of a relationship that wasestablished between the user and the third party which has becomeinvalid. At step 504, a new attestation transaction is generated tospend the cryptocurrency (the dust) that is associated with the existingtransaction, in order to revoke some or all of the previously attestedto information that has been identified for revocation as discussedabove. In one embodiment, a user generates a signed transaction whichspends the cryptocurrency or dust associated with the existingattestation. In one embodiment, an attestor generates a signedtransaction which spends the cryptocurrency or dust associated with atransaction. In one embodiment, a user may identify the information thatneeds to be revoked, and an attestor or other third party may performall the steps of the actual revocation protocol on behalf of the user.In one embodiment, the information that is to be revoked is a subset ofthe information in the existing unspent attestation transaction. In oneembodiment, all of the information in the existing attestationtransaction is desired to be revoked. At step 506, the new signedtransaction is sent to the centralized or distributed ledger, therebyspending the cryptocurrency associated with the previous attestationtransaction. At step 507 a, it is determined whether there is newinformation that needs to be attested to. In one embodiment, the newinformation may replace the information which has just been revoked. Inone embodiment, the new information may be a correction to theinformation which has just been revoked. In one embodiment, theattestation transaction that was spent when the signed revocationtransaction was sent to the centralized or distributed ledger containedsome information that the user wants to revoke and some information thatthe user wants to keep, and so the new information may contain some ofthe old information which was revoked. In one embodiment, the newinformation may be associated with a different user than the informationwhich was just revoked. If there is no new information to attest to, theprotocol moves to block 508 and finishes. If there is new information toattest to, then the attestation protocol is invoked. The primary stepsof this protocol are shown in steps 507 b, 507 c, and 507 d. In step 507b, a new public attest key is created, using a hash of the newinformation to attest to combined with the user's public key. In step507 c, a new attestation address is created based on the public keys ofall the signatories to the attestation and the attestation transactionis signed. To edit the details of an attestation transaction, theexisting transaction can be revoked and then an entirely new transactioncan be created using the attestation protocol. In step 507 d, the signedattestation transaction is broadcast to the centralized or distributedledger. The protocol then moves to block 508 and finishes.

FIG. 6 is a flowchart 600 for describing a method for creating a useraccount for a user with an attestor for attestation purposes. A user isdirected to an attestor's website or app (step 602 of FIG. 6). Theattestor site prompts the user to apply for new account and to provideinformation (e.g. PII) (step 603 of FIG. 6). The attestor site receivesfrom the user an indication to create the new account and receives fromthe user the information (e.g. PII) to be attested, as well as anysupporting documents and/or other evidence that helps verify theinformation (step 604 of FIG. 6). The received information may includefull name, home address, Social Security Number (SSN), and date of birth(DOB), along with documentation including a SSN card, a birthcertificate, and a driver's license.

A validator, which may be a third party, the attestor, or both, mayvalidate the information using a validation protocol (step 605 of FIG.6). Here, for example, the validator may produce knowledge-basedquestions for the attestor to present to the user (step 606 of FIG. 6).In response, the user may submit answers which are received by theattestor (step 607 of FIG. 6). The attestor and/or the validator maycalculate a degree of risk for the user based in part on how correctlythe user answered the knowledge-based questions (step 608 of FIG. 6).Conditionally, if the user's risk profile is too high, the attestor mayrefuse to create or validate the user account (step 609 of FIG. 6).

On the other hand, when the information is determined to be valid, theattestor proceeds to create the user account and perform steps forattestation. This causes a cryptographic asymmetric key pair (public keyand private key) to be created for the user (step 610 of FIG. 6). Thiskey pair may be created by the attestor, the digital wallet provider, orother device. With a private key, the user is able to perform a signingprotocol to sign attestation transactions. At various times and forvarious protocols, it is necessary to establish that the user is incontrol of the attestation transaction, in other words that theattestation transaction has not been revoked and is still a validtransaction. In one embodiment, this is done by checking to make surethe transaction has not been spent. In one embodiment, the transactioncould be verified as unspent by looking to see if the transaction can befound in the unspent transaction output (UTXO) cache.

The attestor may also create or cause to be created a digital wallet forthe user (step 611 of FIG. 6). Both an attestor and a third-partycosigner may sign the root key of the user, and may place the key in thepreviously-created digital wallet. Either the attestor or thethird-party cosigner may store the root key (steps 612 and 613 of FIG.6). The attestor performs or causes to be performed an attestationprotocol, a validation protocol, and a signing protocol, for creating asigned transaction which is communicated over the network (e.g. theBitcoin network) for storage in the centralized or distributed ledger(step 614 of FIG. 6).

FIG. 7 is a flowchart 700 for describing a method of executing abusiness transaction from a commercial website. In the exemplaryembodiment, the business transaction is a purchase transaction, and thecommercial website is a merchant website. Alternatively, the commercialwebsite is for a financial services institution, etc. Beginning at astart block 702 of FIG. 7, the merchant's website, or a merchantapplication running on the mobile device of the user, may receive anindication from a user to start processing a purchase transaction (step710 of FIG. 7). In step 720, a request for information of the user issent, wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address, the centralized or distributed ledgerproviding a verifiable record of transactions. In step 730, a processorassociated with the merchant website receives the information of theuser. In step 740, a cryptographic challenge nonce is sent to the user.In step 750, the cryptographic challenge nonce is signed with the user'sprivate key and sent back to the merchant's website or the merchantapplication running on the mobile device of the user. In step 760, theuser's identity is verified using the cryptographic challenge noncesigned by the user's private key. In step 770, the public attest derivedusing information of the user. In step 780, the attestation address isderived using the public attest key. In step 790, the existence of theattestation transaction at the attestation address in the centralized ordistributed ledge is verified. In step 792, upon verification of theexistence of the attestation address, the purchase transaction iscompleted. The method ends at step 794.

In one embodiment, the merchant application may facilitate theindicating of the user to start processing the transaction through anelectronic display. In one embodiment, the electronic display orpresentation has a login or entry screen corresponding to the merchant'swebsite and receiving an indication from a user to start processing atransaction comprises receiving login information from the user andvalidating the login information. In one embodiment, in thepresentation, the user may click on a button, menu item, or otherindicator, to login, enter, or start processing associated with theonline site. In one embodiment, the merchant receives the user login oran indication from the user to start processing without logging in, forinstance if the user enters the merchant's site as a guest. In step 720,the merchant sends a request for information of the user. In oneembodiment, the merchant's website may require user information in orderto complete the purchase transaction. For example, the merchant'swebsite may require credit card or payment information or shippinginformation of the user. In one embodiment, the merchant prompts theuser to share necessary information with the merchant's website. In oneembodiment, the merchant informs the user that the information requestedneeds to have already been attested to by the attestor. In oneembodiment, the information requested may include, for example, userpayment information or user shipment information. In one embodiment, theinformation requested from the user may include the user's public key,and the public keys of the attestor and any third-party cosigners of theattested information. In one embodiment, the merchant may request thepublic keys of the user, the attestor, and any one or more third-partycosigners from a digital wallet. In one embodiment, sending a requestfor information of the user comprise providing a request to an attestorfor information of the user. In step 730 of FIG. 7, the merchant websitereceives the user information necessary in order to complete thepurchase. In one embodiment, receiving information comprises receivingfrom the attestor the information of the user.

The merchant website may then verify the information using theverification protocol described earlier above. In step 740, the merchantwebsite may send a cryptographic challenge nonce to the user, requestingthat the user signs the nonce with their private key. The merchantperforms this step, in order to confirm that the user has control of theuser's private key. In one embodiment, the cryptographic challenge nonceis sent to an attestor application, wherein the attestor manages theuser's private keys and can sign the cryptographic nonce with the user'sprivate key. In one embodiment, the cryptographic challenge nonce issent to a third-party digital wallet provider, wherein the digitalwallet provider controls the user's private keys and can sign thecryptographic nonce with the user's private key. In step 750, themerchant website receives the cryptographic challenge nonce signed withthe user's private key. In step 760, the merchant website verifies theuser identity with the cryptographic challenge nonce signed by theuser's private key. In one embodiment, this step is performed by usingthe user's public key as in known in the art. In one embodiment, thisstep is performed by the attestor on behalf of the merchant. In oneembodiment, this step is performed by an attestor application that themerchant or the user is interacting with. In one embodiment, theattestor provides an API in order for the merchant to perform this step.In one embodiment, this step is performed by a digital wallet provideron behalf of the merchant. If this verification is successful, then themerchant now has a high degree of confidence that the user is who theysay they are, because they control the user's private key. In step 770,the merchant derives a public attest key using the information receivedfrom the user and the user's private key, as described in the methodsherein. In step 780, the merchant further derives an attestation addressusing the public attest key, and the other public keys received, asdescribed in the methods herein. The merchant verifies the existence ofthe attestation transaction at the attestation address in thecentralized or distributed ledger in step 790. In one embodiment, themerchant additionally verifies that the transaction is in the unspenttransaction output (UTXO) cache and therefore is still valid and has notbeen revoked. In one embodiment, one or more of steps 770, 780, and 790may be performed by an attestor. In one embodiment, one or more of steps770, 780, and 790 may be performed by a digital wallet provider onbehalf of an attestor or a merchant. The merchant may now have a highdegree of confidence that the information provided by the user is valid.The merchant may proceed to complete the purchase transaction in step792, without necessarily having to re-verify the information throughadditional fraud detection and prevention steps. The method ends at step794 of FIG. 7.

FIG. 8 is flowchart 800 for describing a method of executing a purchasetransaction with a merchant. In one embodiment, this method provides forverifying identity offline (e.g., without an active Internet dataconnection) using an attestation application running on a user's device.In one embodiment, the method using a third-party digital walletapplication. In one embodiment, the method uses an API provided by anattestor. In one embodiment, the method uses a merchant website orapplication.

The user has previously had information attested to by an attestor. Instep 810, the user opens the application on the user's device and isdisplayed a presentation for selecting different items of attestedinformation. In one embodiment, the user may select what attestedinformation to share of a totality of attested information. In oneembodiment, the user may select a pre-configured template ofinformation. In step 820, the application on the user's device receivesthe user's selection of attested information. In one embodiment, theuser's selection of attested information includes a set of paymentinformation. In one embodiment, the user's selection of attestedinformation includes the proper license or permit for an activity, aticket for an event, or a passport for a border stop.

Upon selection of information, in step 830 the application presents avisual code representing the selected attested information on the user'sdevice. In one embodiment, the visual code is a barcode or a movingvisual image. The visual code represents the selected attestedinformation. In one embodiment, the user may show this presentation tothe verifier, who may be a merchant, a border agent, a metro turnstile,or other person. In one embodiment, the verifier may scan the visualcode, with use of a scanner or a camera on a mobile device, as examples.

In step 840, the application transfers the selected attested informationvia the visual code. In one embodiment, the user's device running theapplication may transfer the information using one of many othertechniques of peer-to-peer (P2P) communication including, but notlimited to, local Wi-Fi, Bluetooth, Bluetooth LE, near fieldcommunications (NFC), infrared, RFI, ambient audio, supersonic audio, orthe like. Upon receipt of the attested information, the device of theverifier performs a verification protocol to assert whether the data wasattested to in the past by an attestor, indicating if the information isverified. The verifier can consult its own cached copy or subset of thecentralized or distributed ledger database that may contain the user'sattestation transactions. The attestation is still valid if theattestation transaction is in the ledger, indicating that up to the ageof the local cache, the attestation had not been revoked by any capableparties. The device of the verifier as part of the verificationprotocol, may send a challenge to the user in the form of acryptographic nonce message using the procedure described herein above.In one embodiment, the verifier is the merchant. In one embodiment, theverifier is an attestor who acts on behalf of the merchant. In oneembodiment, the verifier is a third-party digital wallet provider whoacts on behalf of the merchant.

FIG. 9 is a flowchart 900 for describing a method of executing apurchase transaction with a merchant. In one embodiment, this methodprovides for verifying identity offline (e.g. without an active Internetdata connection) using an attestation application running on a user'sdevice. The user has previously had information attested to by anattestor, and this information is stored. A communication channel is setup between the user's device and the merchants' server in order for alldata to be passed across. In one embodiment, the channel may beestablished by the user presenting on their device a code that themerchant can scan. In one embodiment, the communication channel isestablished by way of receiving a signal transmitted by a short-rangetransmitter for a processor associated with a user, using one of manytechniques of peer-to-peer (P2P) communication including, but notlimited to, local Wi-Fi, Bluetooth, Bluetooth LE, near fieldcommunications (NFC), infrared, RFID, ambient audio, supersonic audio,or the like. In one embodiment, peer-to-peer communications would onlybe used if a connection to the internet was not available. In oneembodiment, the user opens an attestation application on a mobile deviceand is displayed a presentation for selecting different storedpreviously attested information. In one embodiment, the attestationapplication on the user device creates a code which is used both toestablish the communication link and to transfer the previously attestedinformation and the user's public key. In one embodiment, the user mayselect what attested information to share, or select a pre-configuredtemplate of information. In step 910, the merchant receives a code whichrepresents its save information of the user, wherein the code isprovided by an output device for a processor associated with the user,and wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address. In one embodiment, the merchantreceives the code via an attestor application on a merchant device. Inone embodiment, the merchant receives the code via a third-party digitalwallet application on the merchant device. In one embodiment, receivingat a processor associated with the merchant a code representinginformation of the user comprises receiving a visual code displayed on adisplay unit for a processor associated with the user. In oneembodiment, receiving at a processor associated with the merchant a coderepresenting information of the user comprises optically recognizing thevisual code displayed on a display unit for the processor associatedwith the user. In one embodiment, receiving at a processor associatedwith the merchant a visual code representing information of the usercomprises placing an optical recognition device associated with theprocessor of the merchant in visual proximity with the display unit forthe processor associated with the user. In one embodiment, the merchantmay act as a verifier and may user the verification protocol aspreviously described. In one embodiment, the merchant may be a borderagent, a gate or turnstile at an entry port to public transit, oranother person. In one embodiment, the user selection of attestedinformation includes a set of payment information, the proper license orpermit for an activity, a ticket for an event, or a passport for aborder stop.

In step 920, the processor associated with the merchant converts thereceived code to information of the user. In one embodiment, themerchant scans the visual code, with use of a scanner or a camera on amobile device, as examples. In one embodiment, an attestor applicationconverts the code into information of the user. In step 930, the publicattest key is derived by using the information of the user. In oneembodiment, the public attest key is derived using an attestorapplication. In one embodiment, the public attest key is derived using adigital wallet application. In one embodiment, the user informationconverted from the code includes a user's public key. In one embodiment,the user's public key is stored by the attestor application or by thethird-party digital wallet application. In step 940, the attestationaddress is derived using the public attest key. In step 950, theattestation address is used to verify the existence of the attestationtransaction in the centralized or distributed ledger, as has previouslybeen shown. In step 960, upon verification of the existence of theattestation transaction, the merchant completes the purchasetransaction. In one embodiment, prior to completing the purchasetransaction, the merchant sends a cryptographic challenge nonce to theprocessor associated with the user in order to verify that the usercontrols the user's private key.

FIG. 10 is a flowchart 1000 for describing a method for use in logginginto a website or online site or service using an attestationapplication on a mobile phone or device (e.g. a smartphone). At first,the user is presented with a login or entry screen of the online site.The user may click on a button, menu item, or other indicator, to login,enter, or start processing associated with the online site (step 1010 ofFIG. 10). The online site provides a presentation of a visual code (e.g.a barcode or a motion QR) to the user (step 1020 of FIG. 10). The userproceeds to scan the visual code using the attestation application (e.g.with use of the camera on the mobile device) (step 1030 of FIG. 10). Theact of scanning the visual code causes a direct connection to beestablished between the mobile device and the online site.

The online site provides a presentation and procedure to allow the userto communicate information that has already been attested to by theattestor. The user passes this identifying information attested to inits attestation application to login (step 1040 of FIG. 10). Thisidentifying information may include, for example, an email addressand/or any other information item. The online site then proceeds toverify the user's identifying information using the protocols discussedearlier above (step 1050 of FIG. 10). If the user's identifyinginformation is verified, the user is successfully logged into the onlinesite based on the authenticated information provided by the attestationapplication (step 1060 of FIG. 10), Normal session management techniqueson the online site are thereafter performed.

FIG. 11 is a flowchart 1100 for describing a method for signing up orenrolling to create a user account on an online site or service using anattestation application on a mobile phone or device (e.g. a smartphone).At first, the user is presented with a login or entry screen for theonline site. The user may click on a button (e.g. login button), menuitem, or the like, to login or enter the online site (step 1110 of FIG.11). The online site provides a presentation of a visual code (e.g. abarcode or a motion QR) to the user (step 1120 of FIG. 11). The userproceeds to scan the visual code using the attestation application (e.g.with use of the camera on the mobile device) (step 1130 of FIG. 11). Theact of scanning the visual code causes a direct connection to beestablished between the mobile device and the online site.

Next, the user is provided with a presentation which asks the user toshare certain information in order to create an account (step 1140 ofFIG. 11). Some of the information requested may be required in order forthe user to open an account, and some of the information requested maybe optional. The user may select which optional information they want toprovide as part of the account creation (step 1150 of FIG. 11). The usermay the send the required information and the selected optionalinformation to the online site using the attestation application. Here,the user's attested information along with the user's agreement may besent to the online site from the attestation application of the user'smobile device (step 1160 of FIG. 11). The online site may trust theattested information provided through the attestation application. Onthe other hand, the online site may decide to perform an additionalverification using the verification protocol, previously describedearlier above. Once the online site is confident in the authenticity ofthe user's information, the online site follows their normal process ofcreating a new user account based on the attested (and potentiallyverified) information (step 1180 of FIG. 11).

FIG. 12 is a flowchart 1200 for describing a method of validatingpersonal identification information during account creation, or addingnew or updated personal identification information to be validated andauthenticated, by an attestor 1240. The method begins where the attestorsite and/or the app of the user 1230 provides a login or entry screenfor the user 1230, and the user 1230 proceeds to log on to the attestor1240 (step 1210 of FIG. 12). The user 130 starts a process to get anaccount with the attestor 1240, and provides information to the attestor1240 (step 1211 of FIG. 2). The information may include the user'ssocial security number, date of birth, name, physical address, phonenumbers, and the like. The attestor 1240 may check the user'sinformation against an internal blacklist in order to determine whetheror not to proceed with the creation of an account and the subsequentattestation of that user information (step 1213 of FIG. 12).

If the attestor 1240 determines to proceed, the attestor may perform anattestation protocol and a validation protocol on the user information.These protocols were described earlier above, for example, in relationto FIGS. 2-3. In one embodiment, the attestor 1240 may utilize one ormore validators 1250 to perform some or all of the validation protocol,and may send the user information to the validator 1250 (step 1214 ofFIG. 12). The attestor 1240 may perform other validation processes andcheck other records to see whether this account creation shouldcontinue. The one or more validators 1250 may check the validity of thedata against internal and external records according to a validationprotocol (step 1215 of FIG. 12) as previously described. The validationprotocol may involve checking if the data provided by the user 1230matches credit records (step 1212 of FIG. 2). The validation protocolmay involve reviewing information available on social networks toanalyze the likelihood that the user 1230 is a real person.

The one or more validators 1250 may utilize a statistical riskdetermination model to determine whether more information is needed tomake a validity decision (step 1216 of FIG. 12). If yes, the one or morevalidators 1250 may generate further user information requirements suchas a set of questions for the user 1230 to answer (step 1217 of FIG.12). The questions may be questions such as where the user lived tenyears ago, which companies the user has loans with, or other questionsbased on information that only that user should know readily. The one ormore validators 1250 sends these additional user informationrequirements to the attestor 1240. The attestor 1240 makes a request forthe additional user information requirements to the user 1230 (step 1218of FIG. 12). In response, the user 1230 provides the answers to theadditional information request to the attestor 1240 (step 1218 of FIG.12). The attestor 1240 receives the additional user information, and inturn passes it to the one or more validators 1250 (step 1218 of FIG.12).

If the one or more validators 1250 determines that no more informationis needed to validate the user 1230, the one or more validators may senda statistical score which represents the likelihood of the user 1230being authentic to the attestor 1240 (step 1219 of FIG. 12). Theattestor 1240 may create a user account marked as temporary (step 1220of FIG. 12), and may set a timer associated with the user account. Thetimer is set so that, if further validation steps are not completedwithin the time limit, the user account will be suspended, held, ordeleted.

Even further validation steps may be taken for further assurance. Theattestor 1240 may send a website link or URL to the user's email addressin order to validate the user's email address (step 1221 of FIG. 12).The user 1230 may be required to go to or click on the link sent in theemail from the attestor 1240, which will direct the user's browser to aweb page of the attestor site for the user 1230 to enter furtherauthenticating information to activate their account. In another aspect,the attestor 1240 may require the user 1230 to validate a provided phonenumber, by calling or texting the user 1230 at that phone number andcollecting a response. In another aspect, the attestor 1240 could use athird party multi-factor authentication service such as AUTHY.COM or thelike. In another aspect, the attestor 1240 could use one of various2-factor or multi-factor authentication methods as known in the art. Atstep 1222 the attestor 1240 may send a postcard through a national mailservice or other delivery service to the user 1230 at the residential orother address provided to the site. Upon receipt, the user 1230 mayenter the code on this postcard into a form on the attestor applicationor website (step 1223 of FIG. 12) to validate that the user 1230 whocreated the account is also in control of the physical mail at thataddress. The attestor 1240 may mark the account created at step 1220 aspermanently active (step 1224 of FIG. 12).

FIG. 13a is a flowchart 1300 for describing a method of notificationmessaging pertaining to the use of personal identification informationof a user. In the method of FIG. 13a , an individual 1310, who may belegitimately the user 1305 or authorized by the user 1305, oralternatively who may be fraudulent, attempts to perform a transactionor receive a service in step 1350 from an organization 1320, the attemptincluding providing information of the user and the user's public key.In step 1352, the organization 1320 sends the information received fromthe individual attempting the transaction and the user's public key tothe attestor 1330. The attestor generates the attest key using theinformation and the public key and generates the attestation addressusing the attest key and the public keys used to generate the originalattestation transaction associated with the user and the information,and verifies whether the attestation transaction is stored within acentralized or distributed ledger at the attestation address, andwhether the attestation transaction has not been revoked (e.g.,cryptocurrency has not been spent) in step 1354. In step 1356, if theinformation has been previously attested to in an attestationtransaction and the attestation transaction has not been revoked, theattestor sends a notification message to the user on a knowncommunication channel or via the attestation application on the user'sdevice. In one embodiment, the notification message may be sent to theuser via a third party. In one embodiment, the third party could be theapplication provider. In one embodiment, the third party could be theattestor. In step 1358, the user responds to the notification message.The attestor 1330 determines whether or not the response from the userapproves or does not approve the business transaction in step 1359. Instep 1360, if the user confirms the business transaction, the attestor1330 notifies the organization 1320 that the user approves the businesstransaction. In step 1362, if the user does not confirm the businesstransaction, the attestor 1330 notifies the organization 1320 that theuser does not approve the business transaction.

In the method of FIG. 13a , an individual 1310, who may be legitimatelythe user 1305 or authorized by the user 1305, or who alternatively maybe fraudulent, attempts to perform a transaction or receive a service.In one embodiment, the individual 1310 may be fraudulent but may be incontrol of the information that belongs to the user 1305. In oneembodiment, the individual 1310 is the same entity as the user 1305. Inone embodiment, the organization 1320 may be a merchant and theindividual may be trying to make a purchase in step 1350. In oneembodiment, the organization 1320 may be a bank or a financialinstitution and the individual may be trying to withdraw or transfermoney in step 1350. It is obvious to those skilled in the art that thereare many different kinds of transactions that an individual 1310 mayinitiate at an organization 1320 that would incur damage to the user1305 if the individual 1310 was fraudulently pretending to be the user1305. In step 1350, with the attempt to receive service, the individual1310 sends to the organization 1320 previously attested to informationand their public key. In one embodiment, the information is informationthat is needed to make the business transaction, and which has also beenpreviously attested to. In step 1352, when the organization receivesinformation and a public key from an individual 1310 that is seeking tomake a transaction or receive a service, the organization can send thisinformation to the attestor 1330 so that the attestor can verify thatthe information has been attested to and has not been revoked. In oneembodiment, the organization or the attestor may send a cryptographicchallenge nonce to the individual to be signed with the individual'sprivate key, in order to verify that the individual has control of theprivate key corresponding to the public key. In one embodiment, theorganization notifies the attestor that an attempt to use the user's1305 information has been made. In one embodiment, the organization 1320may indicate the particular type of request the individual 1310 ismaking, and may provide a remediation phone number in the request to theattestor 1330. In one embodiment, the attestor 1330 may provide anapplication or API to the organization 1320 such that the organization1320 may directly contact the user 1305 about the use of the userinformation. In one embodiment, the organization 1320 sends theinformation and the public key provided to the attestor 1330 or theapplication or API provided by the attestor 1330 in order to verify theindividual 1310. In one embodiment, the information provided may includea social security or identity number, and it is sent to the attestor1330 or to the application or API provided by the attestor 1330, inorder to verify the individual 1310. In one embodiment, the organization1320 requests an additional piece of information from the individual1310 in order to provide this information to the attestor 1330 in orderto verify the individual 1310. In one embodiment, the attestor 1330requests an additional piece of information from the organization 1320in order to identify and verify the individual 1310. In one embodiment,a different third party performs the role of the attestor 1330 in FIG.13a , via an API or application that the attestor 1330 makes availableto such third-party service providers. In step 1354, the attestor 1330verifies that the information of the individual 1310 that was receivedhas been previously attested to. In one embodiment, the attestor 1330may use the public key or the individual's information or the publicattest key or the attestation address to identify the user in anexisting database of attested users using standard database searchfunctionality. In one embodiment, the attestor 1330 may create theattest key and attestation address using the information and the user'spublic key in order to verify that the information was previouslyattested to. In one embodiment, step 1354 is performed by theorganization 1320 via access to an API or application of the attestor1330. In one embodiment, the existing database of attested users isstored by the attestor 1330. In one embodiment, the existing database ofattested users is stored in an online or cloud based storage. In oneembodiment, the database is provided by a third party. In oneembodiment, the existing database includes all users with attestedinformation regardless of the attestor that attested to the information.In one embodiment, different databases of users exist depending on thetype of information that is attested to.

In one embodiment, the organization 1320 may be a client of the attestor1330. In step 1354, the individual's information or public key or theattest key or the attestation address leads to the individual 1310 beingidentified in an existing database of attested users. In one embodiment,the attestor 1330 may require a minimum amount of information from theindividual 1310 in order to uniquely identify an individual. In oneembodiment, the attestor 1330 may require at least some subset of theindividual's information such as the individual's name, date of birthand address in combination. In one embodiment, the attestor 1330 mayonly require a single piece of the individual's information, such as asocial security number, as a non-limiting example. In step 1356, theattestor 1330 sends a notification message on a communication channel ofthe user. In one embodiment, the notification message may be deliveredto the user through the use of the attestor application on a userdevice. In one embodiment, the notification message is to inform theuser 1305 of the attempt to start a business transaction. In oneembodiment, the attestor 1330 sends the notification message on apreferred communication channel of the user 1305. In one embodiment, theuser 1305 may be prompted or asked to authorize the access to theservice, and may be able to allow or deny the access to the servicebased on a query presented at the user's device. In one embodiment, theuser 1305 may be able to allow or deny the access to the service byresponding to a text message or a voice call. Where the user 1305 isqueried about the service on more than one communication channel, theuser 1305 may be required to authorize the transaction on one, more thanone, or all of the communication channels. In step 1358, the user 1305sends a response to the notification message. In one embodiment, theresponse to the notification message is from the user 1305 to theattestor 1330. In one embodiment, the response to the notificationmessage includes either a confirmation from the user 1305 of the attemptto start a business transaction or a denial from the user 1305 of theattempt to start a business transaction. In one embodiment, the user1305 sends the response to the notification message on a preferredcommunication channel. In one embodiment, the user 1305 indicates theresponse to the notification message on an attestor application on theuser's device. In step 1359, the attestor determines if the responsefrom the user 1305 is a confirmation of the attempt to start a businesstransaction. If the response is a position confirmation of the attemptto start a business transaction, then the attestor 1330 sends anotification to the organization 1320 that the business transaction isapproved by the user 1305, and therefore the user 1305 and theindividual 1310 are likely to be the same person. If the response is adenial of the attempt to start a business transaction, then the attestor1330 sends a notification to the organization 1320 that the businesstransaction is not approved by the user 1305, and therefore theindividual 1310 that is attempting to start the business transaction islikely fraudulent.

The method of FIG. 13b shows a further embodiment of the methoddescribed in FIG. 13a . As before, in step 1350, with the attempt toreceive service, the individual 1310 sends to the organizationinformation and their public key. In step 1352, when the organizationreceives information and the public key from an individual 1310 that isseeking to make a transaction or receive a service, the organization cansend this information to the attestor 1330. In one embodiment, theattestor may verify that the user indicated in the information sent bythe organization is a registered user that holds a valid account at anattestor. As previously discussed, in one embodiment, the attestor 1330may look for the information or the public key or the attest key in anexisting database of attested users using standard database searchfunctionality. In one embodiment, the attestor 1330 may positivelyidentify an existing authenticated and registered user that holds avalid account at the attestor (a registered user) using the informationand/or the public key of the individual that has been received. If theuser is not a registered user and does not hold a valid account, theattestor 1330 informs the organization 1320 and the organization fallsback to traditional individual verification. If the user is registeredand does hold a valid account, in step 1354, the attestor 1330 uses theinformation and the public key to generate the attest key and uses theattest key to generate the attestation address, and verifies that theattestation transaction is present at the attestation address and thatthe attestation transaction has not been revoked. If the attestor 1330determines that there is not a valid attestation transactionrepresenting the user information, then the attestor 1330 alerts theorganization 1320 that they are not able to verify the information ofthe individual 1310 and in step 1355 c, the organization falls back totraditional methods of verifying the individual 1310 in order to processor decline the business transaction. In one embodiment, in step 1355 d,the attestor 1330 checks for the preferred communication channel of theuser 1305, for example the attestor 1330 may check any communicationpreference of the user 1305 identified in the user's profile. Forexample, the user's communication preference may be any one of SMS ortexting, email, push messaging to a specific smartphone or mobile deviceapplication, or another user-provided channel. In step 1356, theattestor 1330 sends a notification message on a communication channel toan address of the user 1305. In one embodiment, the notification messageis to inform the user 1305 of the attempt to start a businesstransaction. In step 1358, the user 1305 sends a response to thenotification message. In one embodiment, the response to thenotification message is from the user 1305 to the attestor 1330. In oneembodiment, the response to the notification message includes either aconfirmation from the user 1305 of the attempt to start a businesstransaction or a denial from the user 1305 of the attempt to start abusiness transaction. In one embodiment, the user 1305 sends theresponse to the notification message on a preferred communicationchannel. In one embodiment, the user 1305 indicates the response to thenotification message on an attestor application on the user's device. Instep 1359, the attestor determines if the response from the user 1305 isa confirmation of the attempt to start a business transaction. If theresponse is a denial of the attempt to start a business transaction,then the attestor 1330 sends a notification to the organization 1320that the business transaction is not approved by the user 1305, andtherefore the individual 1310 that is attempting to start the businesstransaction is likely fraudulent. If the response is a confirmation fromthe user 1305, then in step 1360 the attestor 1330 sends a notificationto the organization 1320 that the business transaction is approved bythe user 1305, and therefore the user 1305 and the individual 1310 arelikely to be the same person. In step 1311, upon receiving thenotification that the business transaction is approved by the user 1305,the organization 1320 proceeds with the transaction. In the case wherethe response from the user 1305 is not a confirmation of the transactionattempt, the attestor 1330 sends a fraud alert to the user 1305 in step1313 a. In one embodiment, the attestor 1330 sends a fraud alert to theorganization 1320 in step 1313 b. In one embodiment, the attestor 1330sends a fraud alert to the authority 1340 in step 1313 c. If theorganization 1320 receives a fraud alert from the attestor in step 1313b, then in one embodiment, the organization 1320 may block the businesstransaction in step 1314. When the authority 1340 receives a fraud alertfrom the attestor 1330 in step 1313 c, in one embodiment the authoritymay alert banks or credit card companies of the user compromise in step1315. In one embodiment, the authority 1340 may initiate fraudconsequences against the individual 1310 in step 1316. In oneembodiment, fraud consequences may involve charges being brought againstthe individual. In one embodiment, the authority 1340 may additionallyinitiate fraud remediation for the user in step 1317. In one embodiment,fraud remediation may involve the immediate suspension of all useraccounts. In one embodiment, fraud remediation may involve tracking anyfurther use on any user accounts. In one embodiment, fraud remediationmay involve the reissue of one or more accounts of the user 1305.

FIG. 14 shows an application screen for a user to provide information toa validator. A user interface screen on the user's mobile device maysimulate an identification card 1400. The identification card 1400 maypresent Personal Identification information, which may include aphotograph of the user, their age, their employer, their home address,their sex, height, eye color, weight, phone number, messaging address,email address, social media address/username/handle, etc. It may alsoshow their digital crypto-currency recipient address 1430. Theidentification card 1400 may include a series of checkboxes 1410 (e.g.,on the bottom left of the figure) showing what sources of informationare authenticated by the attestor. In this example, the identificationcard shows that the authenticated user information is the users driver'slicense, employer, and biometrics. The address may not be attested to asthe section next to address is unchecked, and lock icons 1420 mayindicate a level of security of the card.

In order to communicate to a verifier, the identification card 1400 maypresent an animated image 1440 that conveys information to a verifierapplication or an attestor application running on another smartphone orusing a camera attached to a computer. The identification card 1400 maybe placed so that the moving image 1440 can be viewed by the receivingapplication. The data transfer may be used to send authenticatedinformation as described in FIG. 2-FIGS. 5a /5 b and herein.

The user may also use the identification card 1400 to log into a sitesuch as a website. In this case, the site may display a moving graphicas in 1440 but in this case the attestor application may use asmartphone camera to record and interpret the information beingtransmitted from the site. An application for the identification card1400 may then transmit appropriate attested credentials to the site asdescribed herein.

FIG. 15 is a flowchart 1500 for describing a method of using theprotocols described herein in order to authenticate the identity of adigital entity on the Internet. The methods described herein eliminatethe need for a conventional third party such as a certificate authority(CA) vendor. A CA vendor is a trusted entity that issues electronicdocuments that verify a digital entity's identity on the Internet. Theelectronic documents, which are called digital certificates, are anessential part of conventional secure communication and play animportant part in the public key infrastructure (PKI). Certificatestypically include the owner's public key, the expiration date of thecertificate, the owner's name and other information about the public keyowner. A foundational element of the Secure Sockets Layer/TransportLayer Security (SSL/TLS) certificate system is that browser vendors needto trust the CA vendors that issue certificates. If trust in a CA vendoris lost, then major browsers will distrust and block websites that usedigital certificates signed by this vendor in order to prevent malicioushacking and man in the middle attacks. CA vendors store certificates intheir own infrastructure, and that infrastructure itself may be hacked.For example, one CA vendor was found to have issued fraudulent SSLcertificates for a number of domains. An investigation showed that thiswas caused by an intrusion into the CA vendor's infrastructure.Therefore, there are inherent weaknesses in the conventional CA systems,due to the fact that the CA vendors are being trusted with the storageand safekeeping of the digital certificates, and are vulnerable tointrusions.

An attestor and a company may create an attestation transaction thatusers, operating systems, browsers, and other entities includingprospective communication or transaction partners may use in place ofthe SSL certificates issued by traditional CA vendors. The method startsat start block 1502. In step 1504, the attestor receives information anda public key from a digital entity that wishes to have their informationand identity validated and attested to. In step 1506, the attestorvalidates the information received from the digital entity, performingdiligence on the digital entity to ensure it is legitimate. In step1508, the attestor combines a hash of the information with the publickey to create a public attest key, according to the attestation protocoldescribed herein. In step 1510, the attestor creates an attestationaddress based on the public attest key. In step 1512, the attestorgenerates a signed transaction and broadcasts the transaction to acentralized or distributed ledger. The method finishes at finish block1514.

In step 1504, the information that the attestor receives from thedigital entity may be the name of the digital entity. In one embodiment,the information that the digital entity must provide is standardized. Inone embodiment, the digital entity may provide more information than isrequired in order to assist with the process of validating the digitalentity. In one embodiment, the information may include the domain nameof the digital entity. In step 1506, the attestor performs diligence onthe digital entity and validates the information received from thedigital entity. In one embodiment, this diligence may include theattestor validating that the digital entity owns, or has the legal rightto use, the domain name that is included in the information. In oneembodiment, the attestor may validate that the digital entity is alegitimate and legally accountable entity.

In step 1508, the attestor begins the method of creating an attestationtransaction using the information of the digital entity and the publickey of the digital entity, by creating a hash of the information andcombining the hash of the information with the public key of the digitalentity to create a public attest key. In step 1510, the attestor createsan attestation address based on the public attest key, as previouslydescribed. In step 1512, the generates a signed transaction using theirprivate key, and broadcasts the transaction to the centralized ordistributed network. The method ends at finish block 1514.

FIG. 16 is a flowchart illustrating a method by which a user, forexample a user's web browser or operating system, can determine whetherit should trust a server of a digital entity. The method can proceedwithout relying on an additional third party, such as a traditional CAvendor. The digital entity has previously had their informationvalidated and attested to by an attestor, as described above. The methodbegins at start block 1602. In step 1604, the user sends a request forinformation to the digital entity, the request for information includinga cryptographic challenge nonce. In one embodiment, the information thatthe user requests is a standardized set of information. In oneembodiment, the information that the user requests includes the digitalentity's public key. In one embodiment the digital entity's public keyis displayed on the website of the digital entity. In step 1606, theuser receives information from the digital entity including thecryptographic challenge nonce signed with the digital entity's privatekey. In step 1608, the user creates an attestation address using theinformation received from the digital entity and the digital entity'spublic key using the protocols previously described herein. In step1610, the user uses the attestation address to verify that theattestation transaction exists on the centralized or distributed ledgerat the attestation address, and that the attestation transaction has notbeen revoked. In one embodiment, an attestor application or API or plugin is utilized by the user to verify that the attestation address existsand has not been revoked. In one embodiment, the process of verifyingthat the attestation transaction has not been revoked comprises checkingto see if the attestation transaction exists in the UTXO cache. In step1612, the user uses the signed cryptographic nonce to verify that thedigital entity has control over the private key of the public-privatekey pair as is known in the art. Upon receiving verification that theattestation transaction exists on the centralized or distributed ledgerand has not been revoked and/or receiving verification of the digitalentity's identity, the user can trust the digital entity and proceed toaccess their server. In this way, a method is provided by which a usercan verify the validity of a digital entity without having to trust aCSL or OCSP with the storage and management of signed certificates.

In one embodiment, the digital entity could, for example, display a codeon their website which provides their information and their public keyand indicate that they are validated via an attestor. When a usersubsequently wants to verify that this digital entity is legitimate andthat they can trust the digital entity's certificate, the user cansimply receive the digital entity information directly from the website.It should be understood that any of the above steps may be performed byan attestor on behalf of the user or the company. In one embodiment, theuser may verify that the digital entity has control over their privatekey prior to verifying that the attestation transaction exists at theattestation address on the centralized or distributed ledger and thatthe attestation transaction has not been revoked. In one embodiment, thesigned transaction in the ledger may be revoked by the digital entity orby the attestor using a revocation protocol. In one embodiment, theinformation may be hashed with a cryptographic hash function, forexample, SHA256, RIPEMD160, or both.

While the foregoing describes a particular set of techniques forattesting and validating information, it will be understood thatinformation attestation has wider applicability, and may be usefullyemployed to augment, civic transactions, financial transactions identityverification, political transactions, contracts, treaties, digitalsignatures, and a wide range of other useful processes.

The above systems, devices, methods, processes, and the like may berealized in hardware, software, or any combination of these suitable foran application. The hardware may include a general-purpose computerand/or dedicated computing device. This includes realization in one ormore microprocessors, microcontrollers, embedded microcontrollers,programmable digital signal processors or other programmable devices orprocessing circuitry, along with internal and/or external memory. Thismay also, or instead, include one or more application specificintegrated circuits, programmable gate arrays, programmable array logiccomponents, or any other device or devices that may be configured toprocess electronic signals. It will further be appreciated that arealization of the processes or devices described above may includecomputer-executable code created using a structured programming languagesuch as C, an object oriented programming language such as C++, or anyother high-level or low-level programming language (including assemblylanguages, hardware description languages, and database programminglanguages and technologies) that may be stored, compiled or interpretedto run on one of the above devices, as well as heterogeneouscombinations of processors, processor architectures, or combinations ofdifferent hardware and software. In another aspect, the methods may beembodied in systems that perform the steps thereof, and may bedistributed across devices in several ways. At the same time, processingmay be distributed across devices such as the various systems describedabove, or all the functionality may be integrated into a dedicated,standalone device or other hardware. In another aspect, means forperforming the steps associated with the processes described above mayinclude any of the hardware and/or software described above. All suchpermutations and combinations are intended to fall within the scope ofthe present disclosure.

Embodiments disclosed herein may include computer program productscomprising computer-executable code or computer-usable code that, whenexecuting on one or more computing devices, performs any and/or all thesteps thereof. The code may be stored in a non-transitory fashion in acomputer memory, which may be a memory from which the program executes(such as random access memory associated with a processor), or a storagedevice such as a disk drive, flash memory or any other optical,electromagnetic, magnetic, infrared or other device or combination ofdevices. In another aspect, any of the systems and methods describedabove may be embodied in any suitable transmission or propagation mediumcarrying computer-executable code and/or any inputs or outputs fromsame.

It will be appreciated that the devices, systems, and methods describedabove are set forth by way of example and not of limitation. Absent anexplicit indication to the contrary, the disclosed steps may bemodified, supplemented, omitted, and/or re-ordered without departingfrom the scope of this disclosure. Numerous variations, additions,omissions, and other modifications will be apparent to one of ordinaryskill in the art. In addition, the order or presentation of method stepsin the description and drawings above is not intended to require thisorder of performing the recited steps unless an order is expresslyrequired or otherwise clear from the context.

The method steps of the implementations described herein are intended toinclude any suitable method of causing such method steps to beperformed, consistent with the patentability of the following claims,unless a different meaning is expressly provided or otherwise clear fromthe context. So, for example performing the step of X includes anysuitable method for causing another party such as a remote user, aremote processing resource (e.g., a server or cloud computer) or amachine to perform the step of X. Similarly, performing steps X, Y and Zmay include any method of directing or controlling any combination ofsuch other individuals or resources to perform steps X, Y and Z toobtain the benefit of such steps. Thus, method steps of theimplementations described herein are intended to include any suitablemethod of causing one or more other parties or entities to perform thesteps, consistent with the patentability of the following claims, unlessa different meaning is expressly provided or otherwise clear from thecontext. Such parties or entities need not be under the direction orcontrol of any other party or entity, and need not be located within aparticular jurisdiction.

It should further be appreciated that the methods above are provided byway of example. Absent an explicit indication to the contrary, thedisclosed steps may be modified, supplemented, omitted, and/orre-ordered without departing from the scope of this disclosure.

It will be appreciated that the methods and systems described above areset forth by way of example and not of limitation. Numerous variations,additions, omissions, and other modifications will be apparent to one ofordinary skill in the art. In addition, the order or presentation ofmethod steps in the description and drawings above is not intended torequire this order of performing the recited steps unless a particularorder is expressly required or otherwise clear from the context. Thus,while particular embodiments have been shown and described, it will beapparent to those skilled in the art that various changes andmodifications in form and details may be made therein without departingfrom the spirit and scope of this disclosure and are intended to form apart of the disclosure as defined by the following claims, which are tobe interpreted in the broadest sense allowable by law.

What is claimed is:
 1. A method of executing a business transaction witha merchant, the method being implemented on a computer system having oneor more physical processors configured by machine-readable instructionswhich, when executed perform the method, comprising: receiving at aprocessor associated with the merchant a code representing informationof a user, wherein the code is provided by an output device for aprocessor associated with the user, and wherein the information has beenpreviously attested to in an attestation transaction stored within acentralized or distributed ledger at an attestation address, thecentralized or distributed ledger providing a record of transactions;converting the code to the information of the user; deriving a publicattest key by using the information of the user; deriving an attestationaddress using the public attest key; verifying the existence of theattestation transaction at the attestation address in the centralized ordistributed ledger; and upon verification of the existence of theattestation transaction, completing the business transaction.
 2. Themethod of claim 1, further comprising, prior to completing the businesstransaction: sending a cryptographic challenge nonce to the processorassociated with the user; receiving at the processor associated with themerchant the cryptographic challenge nonce signed by the user's privatekey; and verifying user identity with the cryptographic challenge noncesigned by the user's private key.
 3. The method of claim 1, whereinreceiving at the processor associated with the merchant a coderepresenting information of the user, comprises receiving a visual codedisplayed on a display unit for a processor associated with user.
 4. Themethod of claim 3, wherein receiving at the processor associated withthe merchant a visual code representing information of the usercomprises optically recognizing the visual code displayed on the displayunit for the processor associated with the user.
 5. The method of claim3, wherein receiving at the processor associated with the merchant avisual code representing information of the user comprises placing anoptical recognition device associated with the processor of the merchantin visual proximity with the display unit for the processor associatedwith the user.
 6. The method of claim 1, wherein receiving at theprocessor associated with the merchant a code representing informationof the user, comprises receiving a signal transmitted by a short rangetransmitter for a processor associated with user.
 7. The method of claim6, wherein the signal transmitted by the short range transmittercomprises at least one of local Wi-Fi, Bluetooth, Bluetooth LE, nearfield communications (NFC), infrared, RFID, ambient audio, andsupersonic audio communication.
 8. A system for executing a businesstransaction from a merchant, the system comprising a computer systemhaving one or more physical processors configured by machine-readableinstructions to: receive at a processor associated with the merchant avisual code representing information of a user, wherein the code isprovided by an output device for a processor associated with the user,and wherein the information has been previously attested to in anattestation transaction stored within a centralized or distributedledger at an attestation address, the centralized or distributed ledgerproviding a record of transactions; convert the code to the informationof the user; derive a public attest key by using the information of theuser; derive an attestation address using the public attest key; verifythe existence of the attestation transaction at the attestation addressin the centralized or distributed ledger; and upon verification of theexistence of the attestation transaction, complete the businesstransaction.
 9. The system of claim 8, wherein the computer system isfurther configured by machine-readable instructions to: send acryptographic challenge nonce to the processor associated with the user;receive at the processor associated with the merchant the cryptographicchallenge nonce signed by the user's private key; and verify useridentity with the cryptographic challenge nonce signed by the user'sprivate key.
 10. The system of claim 8, wherein the code is a visualcode displayed on a display unit for a processor associated with user.11. The system of claim 10, further comprising: an optical recognitiondevice associated with the processor of the merchant, configured tooptically recognize the visual code displayed on the display unit forthe processor associated with the user.
 12. The system of claim 10,wherein the visual code comprises a barcode or a motion QR and opticalrecognition device comprises a camera or a scanner.
 13. The system ofclaim 8, wherein the code is a signal transmitted by a short rangetransmitter for a processor associated with user.
 14. The system ofclaim 13, wherein the signal transmitted by the short range transmittercomprises at least one of local Wi-Fi, Bluetooth, Bluetooth LE, nearfield communications (NFC), infrared, RFID, ambient audio, andsupersonic audio communication.
 15. The system of claim 8, wherein thecomputer system is further configured by machine-readable instructionsto: maintain a database of attestation transactions, each attestationtransaction relating to one or more items of information of the user,the attestation transaction comprising an attestation address based on apublic attest key, wherein the public attest is derived by combining ahash of the information with a user's public key generated for theinformation.
 16. The system of claim 8, wherein the computer system isfurther configured by machine-readable instructions to: provide on thedisplay unit a presentation for selection by the user of the one or moreitems of information; receive a user selection of attested information;display a visual code representing the selected attested information.17. The system of claim 8, wherein the processor associated with theuser comprises a mobile device.